Tag: license portal

Licensing software to customers with thousands of employees (B2B)

In this post, we would like to share several new tools and practical tips that are tailored to those of you that sell to larger companies. We will cover the common issues such as management of large number of activations, offline access and reporting.

Recommended approach

When selling to larger companies, we recommend to issue one license key per client and keep track of the employees using activations. For those familiar with Flexera terminology, an activation is the same as a seat. There are two ways to restrict the number of active employees that you can your software:

  • Node-locked: in the node-locked model, once a device is activated, it needs to be manually deactivated if the customer wants to use that seat on a different machine.
  • Floating license: in this model, unused devices will automatically be deactivated when not in use, allowing your customers to install your application on any number of machines and use it concurrently on a limited number machines.

If you want to have different number of seats per feature, our recommendation is to issue a separate license per feature.

Managing activations

Typically, it’s more convenient to issue one license key per company and then restrict the number of end users (aka. machine codes/seats) to the number of workstations that will run the application. However, it can quickly become hard to manage all the end users, especially when employees leave and your customers want to free up unused seats.

To solve this problem, we have introduced the concept of “friendly name” and improved the license portal to allow your customers to query on it.

A friendly name is a way to add a human-readable name to each activated device, so that it is possible to tell which user it belongs to. Normally, machine codes are an unreadable string, and look similar to “9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08“. To make it easier to distinguish between these, you can add an optional paramater FriendlyName when activating/verifying a device. For example, if you have integrated our key verification script, you can add the friendly name as shown below:

var result = Key.Activate(token: auth, parameters: new ActivateModel()
    Key = licenseKey,
    ProductId = 3349,
    Sign = true,
    MachineCode = Helpers.GetMachineCode(),
    FriendlyName = Environment.MachineName

Our recommendation is to use Environment.MachineName as the friendly name, since if your customers use Active Directory, they will be able to see it in the admin dashboard:

To make it easier for your customers to find unused devices and deactivate them, we have added new tools in the customer portal and a new permission to deactivate devices in the customer object. There’s also a new sign up link that you can use to allow your customers to sign up with deactivation permission.

Once they are logged in, they can click on the “manage licenses” tab, and they will see a pag similar to the one below:

Here they can either manage all the activations/used seats and remove unused ones. For example, to find all my activations, the admin could click on “manage activations globally” and search for “artem(at)cryptolens.io”:

Offline access

Oftentimes, larger companies have strict constraints on internet connectivity. They may want to have their devices completely offline or without direct internet access. When your customer puts forward this constraint, our recommendation is to offer them to use our license server as a first step, which tends to be accepted in most cases. The idea behind the license server is to act as a reverse proxy, in other words, it allows devices on your customers’ network to communicate with Cryptolens through the license server, without the need of having a direct internet access by themselves. As a result, only the license server needs to be able to access the internet. Furthermore, your customers can restrict the internet access of the license server to only be able to access Cryptolens. Instead of having to do that for all their devices, they can focus on protecting one workstation running the license server. The license server is freely available on GitHub.

If your customers want to have their devices completely offline, you can use the idea of offline activation, by delivering the license file using eg. a USB stick. In simple terms: normally, when you call Key.Activate to verify a license key, you receive a signed JSON response that our client libraries convert into a language-specific object. For example, in .NET, it’s the LicenseKey object. Once you have this object you can check the status of the license, eg. features and expiration date. For devices that do not have the ability to call Key.Activate, you can instead send them the result from this method as a license file. The easiest way to enable your customers to receive these files on their own is by using our Activation Forms. Once they have provided the license key and machine code, a license file will be downloaded, which they can put on a USB stick, which is then used to activate the offline device. Under the hood, an activation form will call Key.Activate; in other words, if you want to control the user experience, you can create your own page that performs this call. Alternatively, you can manually create this file in the dashboard, by clicking on the yellow button next to the license key.

Reporting tools

Another important feature that your customers can request is to have access to audit logs. For example, if the use the floating license model, they might want to know how many seats are used at any one time so that they can scale it up or down. We are actively working on improving the customer portal to allow your customers to analyse their usage. At the time of writing, we have created standalone scripts on GitHub that you can use to generate several common reports. If you need to generate a specific report, please let us know and we will add example code.