Organizations and users
In 10Duke Enterprise, organizations and users are the entities for which you create entitlements and grant licenses.
User groups are the entities used for authorizing user access to organization licenses.
Organizations
Organizations in 10Duke Enterprise represent the customer companies who have purchased your products.
You can also use organizations to represent your resellers, if you’re provisioning licenses using activation codes that you’re distributing through resellers.
When you have a new customer company, you start by creating an organization for them. All information in 10Duke Enterprise related to the company will be associated with the organization, such as the company’s end users and administrator users, the licenses that the company has purchased, and the user groups that are authorized to consume those licenses.
You can manage organizations either using the 10Duke SysAdmin tool or through the 10Duke Identity Management REST API.
User groups
With user groups, you manage license assignments to your B2B customers’ users with less time and effort. This makes especially large-scale license management use cases easier to handle.
After setting up groups for an organization and adding users to the relevant groups, you can authorize and revoke user access to organization licenses at the group level.
How user groups are used depends on your customer’s needs. For example, a common use case is that a company wants to control access in a different way for their employees and their contractors, and manages these users in separate groups. Another example use case is to create separate groups for users who need short-term access to the licensed software, for example, for the duration of a project.
You authorize groups to use licenses per entitlement.
Take these steps to authorize users to consume an organization’s licenses:
-
Create the necessary user groups groups for the organization.
-
In each of the organization’s entitlements, define which groups are authorized to access the licenses.
-
To give users access to licenses, add them to the applicable user groups.
If you later need to revoke a user’s access to licenses, remove the user from all the groups that are authorized to consume those licenses.
(You cannot authorize an individual user to consume organization licenses directly in the entitlement—the authorization always comes through a group.)
You can manage user groups using the 10Duke Identity Management REST API and authorize them to access licenses using the 10Duke Entitlement Management REST API.
You can also manage user groups and their authorization using SysAdmin, or allow organizations to manage their own user groups in the 10Duke OrgAdmin tool.
Users
In 10Duke Enterprise, you create user accounts for the end users who consume licenses. These registered users can be either your direct B2C customers or users in your B2B customer organizations.
You also create user accounts for 10Duke Enterprise administrators: your own system and reporting administrators who use SysAdmin or 10Duke Insights, as well as your customer organizations’ administrators who use OrgAdmin.
A user’s access rights depend on their user roles and the licenses they have access to:
-
A user’s access to your licensed software depends primarily on which licenses they have been authorized to use.
-
A user’s roles determine their access rights to the data of the organizations they belong to. If needed, additional role-based control can also be applied in client applications.
New users can be created into 10Duke Enterprise, for example, by sending them an email invitation, which they need to accept to get a user account. To give the users access to an organization’s licenses right away when they sign up, you can invite them directly to the applicable user groups.
You can manage user accounts either using 10Duke SysAdmin or the 10Duke Identity Management REST API, and you can allow your customer organizations to invite and manage their own end users in OrgAdmin.
Users can also be automatically provisioned to 10Duke Enterprise using an integration to an external identity provider. By default, the minimum data that the external identity provider must provide on a user is the user’s first name, last name, and email address.