This is a list of terms and abbreviations used in 10Duke Enterprise documentation.
A token that allows a client application to call 10Duke APIs in a secure manner.
After successful authentication using OpenID Connect/OAuth, 10Duke Enterprise returns an access token (a random character string). The client application includes this token in later API requests to inform 10Duke Enterprise that the application is authorized to access the API.
Activation codes are a mechanism that allows you to distribute licenses that your customers can redeem later.
Based on the provisioning and activation code configuration you set up in 10Duke Enterprise, licenses are automatically created and granted when customers use the activation codes you have generated for them.
Aggregated licensed item
An aggregated licensed item is contained in another licensed item as a “child” item. A common use case for aggregated licensed items is to define a list of product features that the end user has access to.
When an end user accesses a resource defined by an aggregated license item, they consume the license of the “parent” item (the aggregating licensed item).
Aggregating licensed item
An aggregating licensed item contains other licensed items.
When licenses are granted, they apply to the “parent” aggregating licensed item. End users consume that license when accessing any of the “child” resources.
Authentication means the verification of a user’s identity. 10Duke Enterprise can authenticate users or rely on authentication by a trusted external identity provider.
Authorization means determining if access to protected resources has been granted.
10Duke Enterprise provides a licensing solution for controlling access to your application and role-based access control for restricting user access to administration tools and APIs.
Interaction with 10Duke APIs uses OAuth for authorizing access to the APIs.
Built-in roles are predefined default system roles that 10Duke Enterprise automatically grants to users.
For example, every user is by default granted the “Viewer” role that provides very limited access. A user who has successfully logged in is granted the “Authenticated User” role, which grants more permissions.
A client application is any system integrated to 10Duke Enterprise that interacts with the 10Duke APIs.
Your application that the end user uses through a license is a client application. It can be, for example, a desktop, mobile, or web application, or a physical device (a machine or PC).
Other examples of client applications are possible administration user interfaces and CRMs integrated with 10Duke Enterprise.
Client roles can be used to control end user access in the client applications.
In many cases, the license controls what the end user can and cannot do in the client applications. If needed, you can also use 10Duke Enterprise for role-based access control in your client applications. You can manage both licenses and role-based access centrally in 10Duke Enterprise, and let your client application ask for all authorization decisions from 10Duke Enterprise.
Your customers can be companies or individual consumers, depending on whether you’re selling your software on the B2B or B2C market (or both).
End users are users who consume licenses.
Depending on who you’re selling licenses to, they can be users at a customer company who has purchased licenses from you (for example, the company’s employees or contractors), or they can be your direct consumer customers.
An entitlement is a collection of licenses granted to an organization or a consumer user. The latter is called a personal entitlement.
An organization’s entitlement defines which groups of users are authorized to consume the licenses in that entitlement.
In 10Duke Enterprise, the term used for this is “aggregated licensed item”. Aggregated licensed items can be used to define a list of product features that the end user has access to.
In identity federation, user identities are linked across multiple systems.
Licensee organizations may have their own identity provider that they want to use as the single source of truth for their user identity data. 10Duke Enterprise can rely on an external identity provider to authenticate end users, for example, by using OpenID Connect or SAML for single sign-on.
A floating license uses a license model where a limited number of licenses to your application are shared among a larger number of users.
For example, an organization might have purchased a 20-seat floating license, and they have 30 employees who consume the seats from a “central pool” when they need access to your application.
A JWT token that contains the details of an authenticated end user.
When an end user has been successfully authenticated using OpenID Connect, 10Duke Enterprise returns an ID token to the client application containing the end user’s details. When using an external identity provider for user authentication, 10Duke Enterprise can also rely on ID tokens granted by the external identity provider.
An identity provider provides user identity and authentication services.
In identity-based licensing scenarios, 10Duke Enterprise needs to know the end user who is consuming licenses. To authenticate end users, 10Duke Enterprise can act as the identity provider itself or rely on authentication by a trusted external identity provider.
An identity proxy is a service used as an identity provider that actually provides a connection to another identity provider.
When an external identity provider is used, client applications can still connect to 10Duke Enterprise for authenticating users. 10Duke relays the authentication to the external identity provider, in practice working as an identity proxy.
Internal roles are used to grant permissions in the scope of the whole system. You typically use internal roles for your own system administrator users.
Invitations are used for inviting new users to the system or existing users to join organizations. The invitation recipient can accept or decline the invitation.
The invitation recipient can also be added to specified user groups and assigned specified roles when they accept the invitation.
An invitation token that authorizes access to an invitation for the invitation recipient.
10Duke Enterprise generates the invitation token (a random character string), and the token must be provided to the recipient (usually as part of the URL to the welcome page) and be kept intact until the invitation has been accepted or declined. An invitation can have multiple tokens associated with it.
A license describes a contract between the licensor (you) and a licensee (a customer who has purchased your software). Your licensed software connects to 10Duke Enterprise for authorizing access to the software.
You grant licenses to customers using product packages. In practice, they get a separate license for each licensed item in a product package.
You can apply different types of license credit when granting licenses, for example, grant seats or use time.
End users consume licenses when they access a resource (such as your software application or a feature in it) that is protected by a license. Licenses can be consumed in online or offline mode.
License credit refers to the type and quantity of consumption that a license allows.
A license can specify credit in the form of seats (which limits the number of users consuming the license), use count (which limits the total number of times the license can be consumed), and use time (which limits the total consumption time).
A license lease is a time-limited authorization to consume a licensed resource, conveyed to the client application in a license token.
The lease provides information on the licensed item that the user is authorized to consume, the license they’re consuming, and the validity time of the lease.
10Duke Enterprise creates the license lease when the user starts consuming a license, and returns a license token that describes the lease. When the lease is about to expire, the client application can request to extend the lease.
License management means the configuring, granting, assigning, reconciling, revoking, and terminating of licenses.
In addition to the licensor carrying out these tasks, licensees have access to a limited set of tasks in the 10Duke OrgAdmin tool, their primary need being license assignment.
A license model defines how the licenses associated with the model can be managed by licensees and consumed by users. It reflects the business terms on which you as a vendor are granting a license to your customer.
You associate your licensed items with a license model through a product package.
A license seat allows license consumption to one user at a time for the duration of the license lease. When granting a license, you define how many seats are available.
Seats can be floating or named depending on the license model, and organizations can make seat reservations for their users.
A license server is an application that a software vendor uses to manage the licenses they issue to their customers.
In a traditional solution, a license server may be deployed on premise at the customer’s site. In more modern solutions, the license server is typically located in the cloud. 10Duke Enterprise is a cloud-based licensing solution.
A secure JWT token that 10Duke Enterprise sends to the client application when a user starts consuming a license. The license token describes the license lease, and the client application uses the token to enforce the license terms.
A resource you want to license, such as your software application, or a feature or a collection of features in the application.
A customer that has purchased a license from you. A licensee can be a company or a consumer customer.
Licensing refers to the whole set of tools and interactions where a licensor issues licenses and licensees purchase and administer them.
This is you, the software vendor: the company that grants licenses to licensees.
Multi-factor authentication (MFA) requires a user to provide two or more authentication factors to access a system.
In 10Duke Enterprise user authentication, two-factor authentication (2FA) can be used with a device or an application (such as Google Authenticator) that can generate time-based one-time passwords (TOTP).
Named seat license
A named seat license uses a license model where each seat is reserved for a named user. The seat can only be consumed by that user, and they must have a seat reservation to be able to consume the license.
In offline consumption, the client application used by the end user goes offline, typically for a longer period of time. As the client application won’t be able to refresh the license token frequently to extend the license lease, it checks out the license for the longer period of time allowed for offline consumption.
In online consumption, the client application used by the end user stays online and refreshes the license token frequently to extend the license lease.
An organization represents a customer company in the system when you’re selling your products on the B2B market.
An organization role grants permissions to access resources within a certain licensee organization. You typically use organization roles to control organization administrator access to OrgAdmin.
A permission to access or manage a protected resource in the system, for example, to create license models or to view organization licenses.
You grant permissions to users through roles.
With a perpetual license, the customer has made a one-time purchase to acquire the software.
Licenses granted on a perpetual basis are valid indefinitely (the license doesn’t specify an end date).
See “Activation code”.
A product package bundles together different licensed items into one sellable package, and associates a license model to those items.
A product package typically corresponds to what your customer understands to have purchased from you.
In 10Duke Enterprise, provisioning can refer to the provisioning of licenses or users.
License provisioning refers to the creating and initializing of licenses for use.
User provisioning refers to the creation of users, either in advance (for example, by email invitation or through the APIs) or on demand (for example, by using SSO or JWT bearer authorization based on data from a trusted external provider).
A role defines a set of permissions that can be granted to a user. The types of roles available are: built-in role, internal role, organization role, client role.
Role-based access control
In role-based access control (RBAC), roles and permissions are used to restrict user access. A typical 10Duke Enterprise configuration has multiple types of user roles, each granting different permissions in the system.
A seat reservation means that a license seat has been assigned to a specific user, and can only be consumed by that user.
With named seat licenses, seat reservations are mandatory, and the license model may restrict seat reassignment from one user to another.
With floating licenses, seat reservations can be made if needed, and this removes those seats from the floating license pool.
Single sign-on (SSO) allows a user to log in to multiple systems with a single identity and credentials.
In the context of 10Duke Enterprise, this usually means web SSO using either OIDC or SAML protocol to allow multiple client applications to use the same user identity.
With a subscription-based license, the customer pays, for example, a monthly or annual fee to use the software instead of making a one-time purchase.
Licenses granted on a subscription basis specify a start and end date, and the license is intended to be periodically renewed.
2FA; multi-factor authentication that requires two authentication factors, such as a password and a one-time password sent to a mobile device.
In 10Duke Enterprise, a registered user can be an administrator user who uses the 10Duke SysAdmin or 10Duke OrgAdmin tool, an end user who uses your licensed software application, or both.
A user’s access rights depend on their user roles and permissions and the licenses granted to them.
For example, a licensee organization’s user may act as the administrator for the organization, but they may also be an end user who uses the licensed software that the organization has purchased.
User groups are used for giving end users access to organization licenses in entitlements. User groups typically reflect the end users’ relationship to an organization, for example, an organization can have an “employees” group and an “external license consumers” group.
When organizations authorize their end users to consume the organization’s licenses, they do this by granting access per user group, not per individual user.
AWS Certificate Manager
Assertion Consumer Service
Application programming interface
Amazon Web Services
Customer relationship management
Domain Keys Identified Mail
Domain Name System
Enterprise resource planning
Federated identity management
General Data Protection Regulation
Hash-based message authentication code
Internet of Things
Java Runtime Environment
JSON Web Token ID
JSON Web Signature
JSON Web Token
Privacy Enhanced Mail
Proof Key for Code Exchange
Proof of concept
Role-based access control
Representational state transfer
Software as a Service
Security Assertion Markup Language
Simple Mail Transfer Protocol
Sender Policy Framework
Time-based one-time password
Uniform Resource Identifier
Uniform Resource Locator
Universal unique identifier