This blog is a brief introduction to 10Duke's licensing solution – 10Duke Enterprise.
We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration and delegation of authorization.
The Basics of 10Duke Licensing
10Duke Enterprise is a cloud-based licensing solution that allows you to configure, issue and manage the licenses you sell to your customers. It can be used by any company that is writing, publishing and providing access to software applications on specific licensed terms.
10Duke Enterprise can be used to control access to web-based applications, mobile applications, desktop applications, plug-ins, embedded software as well as devices.
We use the term ‘control access’ rather than ‘sell’ deliberately. When software is licensed it doesn’t mean that it has necessarily been sold. Software can be provided free of charge, but access to it still may need to be controlled in some way (think a free trial, for example). 10Duke allows you to license your software, regardless of whether or not you are selling it or providing it at no cost.
The information provided below outlines the standard way in which 10Duke Enterprise is normally implemented and is designed to give you an overview of the key concepts underpinning the 10Duke licensing solution.
If your requirements are not identical to the scenarios outlined below, don’t worry. The 10Duke solution is very flexible and can most likely support your requirements. Please get in touch and we’d be happy to discuss your requirements in more detail.
There are a few main components to the 10Duke solution:
1. An Identity Management API
2. An Entitlement Management API
3. An Event API
4. Administration Modules
As the name suggests, these are web-based applications that allow different types of roles to administer all or specific aspects of the 10Duke solution. There are two main admin applications:
1. SysAdmin - a tool used by you, the application vendor, to configure licenses, products, and manage users. Access to SysAdmin provides administrative control of a 10Duke solution – think of it as your control panel.
2. OrgAdmin - this tool is similar to SysAdmin but more narrowly scoped. It is used by an end customer administrator to manage the licenses they have purchased from you and to manage the users who are able to access these licenses. This allows them to self-manage and saves you time and effort.
Login Application - a component that you can use to implement authentication-related services for end users. It also provides a web-based login page, and profile pages where end users can manage their personal profile information, change or reset their password, and enable two-factor authentication (2FA) for themselves (if you choose to offer this feature to your customers).
To learn more about the 10Duke APIs, see the Solution Components section on our documentation site.
10Duke Enterprise is an API-based solution. The main APIs that 10Duke provides are available as REST-based APIs.
10Duke Enterprise is deployed from AWS and the backend applications are provided to you on an as-a-Service basis. There is no need for you to worry about management of the 10Duke applications. In order to integrate with 10Duke Enterprise, you simply need to modify your software applications to call the 10Duke APIs in order to execute certain operations, request data or post data.
10Duke does support on-premise licensing where your application is used in an air-gapped network or similar scenario where there is no connection to the Internet available. Please contact us for more information.
How to Integrate With 10Duke
In order to integrate with 10Duke Enterprise, you will first need access to an Evaluation environment. This environment will be deployed for you by a 10Duke Delivery Team (please contact us if you wish to have an Evaluation environment deployed for you). 10Duke is a single tenant solution so it will be configured to suit any specific requirements you may have.
The three initial integration steps you will need to follow are:
1. Delegation of authentication to 10Duke
The 10Duke solution introduces an initial sign-in step when a user tries to use the application you are licensing to them. The sign-in process authenticates the end user by checking that they have provided the correct username (usually email) and a strong password. 2FA may also be required at this step, but that is an optional feature you can enable.
You will need to introduce this log-in form to your application. Depending on the UI technology being used by your app, 10Duke provides some libraries that you can use to make this process quicker.
When the user signs into your application, it will delegate the responsibility for making the authentication decision (i.e. checking that the username and password are correct) to 10Duke using the 10Duke Authentication API. If the login details are correct, 10Duke will return an access token to your application which it will then use to make a second call to 10Duke, this time to the 10Duke Entitlement API, to check if the user has a license to the specific application or feature of an application that they are trying to access.
Depending on the type of application you are trying to license, the authentication process will follow a particular ‘flow’ specified by either the OAuth 2 or SAML 2 standard. Both of these are protocols used for the purposes of authentication. Your 10Duke Delivery Team will recommend the best flow for you to use, based on your specific requirements.
2. Product Configuration
To configure the products you want to license using 10Duke, you will need access to the 10Duke SysAdmin web application. Your 10Duke Delivery Team will provide this. There is a detailed SysAdmin User Guide available separately, so the following section will just provide a summary overview.
There are five steps in configuring your products:
- Create a licensed item - this is a specific term used within 10Duke to refer to the application that you are licensing. A licensed item can be a whole application or it can represent a feature of an app. If you want to license your application based on different feature combinations, then you should describe each of these features separately as a separate licensed item.
- Create a license model - this is the business rule against which you are providing your application to the end customer. For example, it might be a simple perpetual license model, a subscription model or a floating license model.
- Create a product package - this is done by combining any groups of licensed items together in one package and then applying a license model to it. It is this package that is then licensed to the end customer and would typically correspond to what they understand they have purchased from you.
- Create an Organisation and users belonging to that Organisation to which your product will be licensed
- Create an Entitlement, which is basically a connection between a product package and the group of users who are authorised to use that product under license. There are two explicit steps that need to happen in order to ‘enable’ a license:
  - Grant licenses to all of the licensed items within a product package within a specific Entitlement.
  - Grant access for a specific group of users to that Entitlement.
Please keep in mind that SysAdmin provides a visual and interactive means of accomplishing the above listed tasks. The same tasks can be carried out directly via the API as well.
3. Delegation of authorization
Once your application is able to successfully authenticate an end-user signing in and it can receive the access token, and you’ve got your products configured, the next step is to make a license consumption call. As the name suggests, this is when your application is checking that the specific user has been authenticated and has access to a license for the particular application or application feature that they are trying to access.
With the 10Duke Entitlements API, it is important to note that there are two different APIs that your application calls, depending on the operation:
1. For CRUD operations, in order to configure, edit and manage licenses, license models, product packages and licensed items, the Entitlement REST API is used.
2. To check that licenses exist and make license consumption calls, your application will use the 10Duke Entitlements Authz API.
If your application makes a license consumption call that is successful, it will receive a signed and encrypted JSON Web Token (JWT). This token contains information about the license the user has access to, including the licensed items and the validity period of the token. This token is then stored locally by the client machine.
The next time your application makes a license check (the frequency of which is set by you) it will look for the JWT token stored locally in the first instance. As long as the token is valid, the client application will operate as it should without any need to make a further call to our backend. However, when the JWT token expires, your application will need to make another license consumption call to the 10Duke backend to refresh the token.
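The cached-token check described above, sketched as an added example (this is not 10Duke's code or API): the client validates the locally stored token before trusting it and only calls the backend when validation fails. Assumptions: the `items` claim name, the `consume` callback and the demo key are hypothetical; HMAC (HS256) stands in for the issuer's signature scheme so the example runs with the standard library alone, and only the signature layer is handled, not the encryption.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. HMAC stands in for the issuer's signature scheme.
KEY = b"constructed-demo-key"

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims):
    """Hypothetical stand-in for the token a successful consumption call returns."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    return f"{head}.{body}.{b64u(sign(head, body))}"

def validate(token, item, now):
    """Return the claims only if the token is authentic, unexpired and covers item."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm so a header such as "none" is never honoured.
        if json.loads(b64u_dec(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(sign(head, body), b64u_dec(sig)):
            return None  # the local store is user-writable: edited claims fail here
        claims = json.loads(b64u_dec(body))
        if claims["exp"] <= now or item not in claims["items"]:
            return None
        return claims
    except (ValueError, AttributeError, TypeError, KeyError):
        return None  # missing, malformed or truncated token

def check_license(cache, item, consume, now=None):
    """Trust the cached token while it validates; otherwise make one consumption call."""
    now = time.time() if now is None else now
    claims = validate(cache.get("token"), item, now)
    if claims is not None:
        return claims, "cache"
    cache["token"] = consume(item)  # consume: hypothetical callback to the backend
    claims = validate(cache["token"], item, now)
    return claims, ("backend" if claims is not None else "denied")
```

Because `now` comes from the client's clock, setting that clock back keeps an expired token passing the `exp` check; this example does not address clock rollback.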
The Basics Complete
If you have implemented the three main steps above, you will now have a basic implementation of a 10Duke licensing solution up and running.
A new user should be able to log in to your application; they will be seamlessly authenticated and granted access to your application based on the product as configured in 10Duke. Their access will be governed in turn by any license they have been granted, via their Organisation, as configured in 10Duke.