10Duke 101 – Understanding the Basics of 10Duke Licensing

10Duke Digital Rights Management
Digital Rights Management vs. Software Licensing – What’s the difference?
9th June 2021
Show all

10Duke 101 – Understanding the Basics of 10Duke Licensing

10Duke 101 - Understanding 10Duke Licensing

This blog is a brief introduction to 10Duke's Licensing Solution. We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration and delegation of authorization.


Basic Concepts

10Duke is a cloud-based licensing solution that allows you to configure, issue and manage the licenses you sell to your customers. It can be used by any person or company that is writing, publishing and providing access to software applications on specific licensed terms.

10Duke can be used to control access to web-based applications, mobile applications, desktop applications, plug-ins, embedded software as well as devices.

We use the term ‘control access’ rather than ‘sell’ deliberately. When software is licensed it doesn’t mean that it has necessarily been sold. Software can be provided free of charge, but access to it still may need to be controlled in some way. 10Duke allows you to license your software, regardless of whether or not you are selling it or providing it at no cost.

The information provided below outlines the standard way in which 10Duke is normally implemented and is designed to give you an overview of the key concepts underpinning the 10Duke licensing solution.

If your requirements are not identical to the scenarios outlined below, don’t worry. The 10Duke solution is very flexible and can most likely support your requirements. Please get in touch and we’d be happy to discuss your requirements in more detail.


There are 4 main components to the 10Duke solution:


An Identity Provider API

This is a customer identity management API that holds the user profiles of the human end users of your application. If you sell B2B, these will be the employees or contractors of your customers. If you sell your software directly to end consumers, these individuals are your customers.

An Entitlements API

This is an API that lets you define the products you are licensing. This might be a single application or features within an application. Each aspect of your product that you want to control for the purposes of licensing you need to name in 10Duke. We call these ‘licensed items’. Licensed items can then be grouped into “Product Packages” (i.e. combinations of features that make up an application or combinations of applications that make up a suite of products). To these product packages you then apply a license model (eg. subscription) and can grant the license to the company or user who has licensed it.

An Event Data API

Every event that occurs in either the Identity Provider or the Entitlements backend is recorded by the Event Data API. You can then make queries to the Event Data database via its API in order to interrogate the data and to learn how customers use your applications, your licenses and features of your applications. The event trail is primarily used for business intelligence or audit purposes.

Administration Modules

As the name suggests, these are web-based applications that allow different types of roles to administer all or specific aspects of the 10Duke solution. There are two main admin applications:

SysAdmin - a tool used by you, the application vendor, to configure licenses, products, and manage users. Access to SysAdmin provides administrative control of a 10Duke solution.

OrgAdmin - this tool is similar to SysAdmin but more narrowly scoped. It is used by an end customer administrator to manage the licenses they have purchased from you and to manage the users who are able to access these licenses.

User Profile - this is a tool used by the end user of an application in order to manage and control their personal profile information, configure and reset their password and enable MFA if that option is provided to them.


Deployment Model

10Duke is an API-based solution. The three main API products that 10Duke provides are available via a Graph-based API or a REST-based API. It is up to you which API format you choose to use and there are pros and cons to each. REST is more widely used and so, if you’re not sure, it is likely the best option.

10Duke is deployed from AWS and the backend applications are provided to you on a as-a-Service basis. There is no need for you to worry about management of the 10Duke applications. In order to integrate with 10Duke, you simply need to modify your software applications to call the 10Duke APIs in order to execute certain operations, request data or post data.

10Duke does support on premise licensing where your application is used in an air gapped network or similar scenario where there is no connection to the Internet available. Please contact us for more information.


How to integrate with 10Duke

In order to integrate with 10Duke, you will first need access to an Evaluation environment. This environment will be deployed for you by a 10Duke Delivery Team (please contact us if you wish to have an Evaluation environment deployed for you). 10Duke is a single tenant solution so it will be configured to suit any specific requirements you may have.

The initial integration steps you will need to follow are:


1. Delegation of authentication to 10Duke

The 10Duke solution introduces an initial sign-in step when a user tries to use the application you are licensing to them. The sign-in process authenticates the end user by checking that they have provided the correct username (usually email) and a strong password. MFA may also be required at this step, but that is an optional feature you can enable.

In your application, you will need to introduce this log-in form to your application. Depending on the UI technology being used by your app, 10Duke provides some libraries that you can use to make this process quicker. When the user signs into your application, it will delegate the responsibility for making the authentication decision (i.e. checking that the username and password are correct) to 10Duke using the 10Duke Identity Provider API. If the login details are correct, 10Duke will return an access token to your application which it will then use to make a second call to 10Duke, this time to the 10Duke Entitlement API, to check if the user has a license to the specific application or feature of an application that they are trying to access.

Depending on the type of application you are trying to license, the authentication process will follow a particular ‘flow’ specified by either the OAuth 2 or SAML 2 standard. Both of these are protocols used for the purposes of authentication. Your 10Duke Delivery Team will recommend the best flow for you to use, based on your specific requirements.


2. Product Configuration

To configure the products you want to license using 10Duke, you will need access to the 10Duke SysAdmin web application. Your 10Duke Delivery Team will provide this. There is a detailed SysAdmin User Guide available separately, so the following section will just provide a summary overview.


There are five steps in configuring your products:

  1. Create a licensed item - this is a specific term used within 10Duke to refer to the application that you are licensing. A licensed item can be a whole application or it can represent a feature of an app. If you want to license your application based on different feature combinations, then you should describe each of these features separately as a separate licensed item.
  2. Create a license model - this is the business rule against which you are providing your application to the end customer. For example, it might be a simple perpetual license model, a subscription model or a floating license model.
  3. Create a product package - this is done by combining any groups of licensed items together in one package and then applying a license model to it. It is this package that is then licensed to the end customer and would typically correspond to what they understand they have purchased from you.
  4. Create an Organisation and users belonging to that Organisation to which your product will be licensed
  5. Create an Entitlement which is basically a connection between a product package and the group of users who are authorised to use that product under license. There are two explicit steps that need to happen in order to ‘enable’ a license:

    - Grant licenses to all of the licensed items within a product package within specific Entitlement.

    - Grant access for a specific group of users to that Entitlement

    Please keep in mind that SysAdmin provides a visual and interactive means of accomplishing the above listed tasks. The same tasks can be carried out directly via the API as well.


3. Delegation of authorization

Once your application is able to successfully authenticate an end-user signing in and it can receive the access token, and you’ve got your products configured, the next step is to make a license consumption call. As the name suggests, this is when your application is checking that the specific user has been authenticated and has access to a license for the particular application or application feature that they are trying to access.

With the 10Duke Entitlements API, it is important to note that there are two different APIs that your application calls, depending on the operation:

1. For CRUD operations, in order to configure, edit and manage licenses, license models, product packages and licensed items, the Entitlement REST API is used.

2. To check licenses exist and make license consumption calls, your application will use the 10Duke Entitlements Authz API

If your application makes a license consumption call that is successful, it will receive a signed and encrypted JSON Web Token (JWT). This token contains information about the license the user has access to, including the licensed items and the validity period of the token. This token is then stored locally by the client machine.

The next time your application makes a license check (the frequency of which is set by you) it will look for the JWT token stored locally in the first instance. As long as the token is valid the client application will operate as it should without any need to make a further call to our backend. However, when the JWT token expires, then your application will need to make another license consumption call to 10Duke backend to refresh the token.


The Basics Complete

If you have implemented the three main steps above, you will now have a basic implementation of a 10Duke licensing solution up and running. A new user should be able to login to your application, they will be seamlessly authenticated and granted access to your application based on the product as configured in 10Duke. Their access will be governed in turn by any license they have been granted, via their Organisation, as configured in 10Duke.

Click here learn more about 10Duke products or schedule a Discovery Call with us.


Are you a software developer looking to sell more? Learn more from our guides:

Software Monetization Guide – How to Monetize Software in 2021?

Software Licensing Guide – Why is it so important?

Software Licensing Solutions – Guide 2021

Software Licensing Models – Ultimate Guide to Software License Types (2021)

Customer Identity and Access Management – What should a good CIAM solution provide?


You might also be interested in:

9th June 2021
10Duke Digital Rights Management

Digital Rights Management vs. Software Licensing – What’s the difference?

Digital Rights Management and Software Licensing both deal with protecting copyrighted materials. Learn the difference and more.
12th May 2021
license management solution

Software Activation – The Good, The Bad and the Modern

Software Activation is a technology that verifies a software product has been legitimately licensed for use. Learn how to do it effectively.
18th February 2021
How to Protect Software IP?

Software IP Protection – How to Protect Software Intellectual Property?

Software IP protection strategy is not just about limiting access. Best IP protection also aims to enhance customer experience.
25th January 2021
Stop selling perpetual licenses to your customers

Why You Should Stop Selling Perpetual Licenses to Your Product

It’s no longer financially viable for software vendors to offer a ‘one size fits all’ perpetual software license model.
18th January 2021
License servers ticking time bomb for software business

License Servers – A Ticking Time Bomb For Your Software Business?

License server is an outdated legacy solution that is blocking software companies from scaling up. Learn why and how to overcome this licensing problem.
27th August 2020
Subscription model shouldn't be forced on all products.

When a Subscription Model Doesn’t Fit… Alternatives to the Subscription Model

The subscription model is the main license model supported by most payment providers. But not all products can be forced into a subscription model.
18th August 2020
Software Licensing Provider

What Your Software Licensing Provider Isn’t Telling You

All software licensing providers say they’re good. But are they, really? Find out as we examine the pain licensing providers may be causing to your company.
5th June 2020
Identity based licensing by 10Duke

What is Identity-based Licensing?

Identity-based licensing is a method by 10Duke of controlling access to a digital product based on the authenticated identity of an individual.
6th May 2020
Alternative to FLEXlm

Alternative to FlexNet Licensing (FLEXlm)

Comparison between 10Duke Entitlements vs. Flexera’s Flexnet.

A brief introduction to 10Duke’s Licensing Solution. We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration and delegation of authorization.

Schedule a Demo