10Duke 101 – Understanding the Basics of 10Duke Licensing

Software Activation – The Good, The Bad and the Modern
12th May 2021
Licensing As a Service – Why It’s the Modern Way of Software Licensing
13th December 2021
Show all

10Duke 101 – Understanding the Basics of 10Duke Licensing

10Duke 101 - Understanding 10Duke Licensing

This blog is a brief introduction to 10Duke's licensing solution – 10Duke Enterprise.

We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration and delegation of authorization.


The Basics of 10Duke Licensing


Basic Concepts

10Duke Enterprise is a cloud-based licensing solution that allows you to configure, issue and manage the licenses you sell to your customers. It can be used by any company that is writing, publishing and providing access to software applications on specific licensed terms.

10Duke Enterprise can be used to control access to web-based applications, mobile applications, desktop applications, plug-ins, embedded software as well as devices.

We use the term ‘control access’ rather than ‘sell’ deliberately. When software is licensed it doesn’t mean that it has necessarily been sold. Software can be provided free of charge, but access to it still may need to be controlled in some way (think a free trial, for example). 10Duke allows you to license your software, regardless of whether or not you are selling it or providing it at no cost.

The information provided below outlines the standard way in which 10Duke Enterprise is normally implemented and is designed to give you an overview of the key concepts underpinning the 10Duke licensing solution.

If your requirements are not identical to the scenarios outlined below, don’t worry. The 10Duke solution is very flexible and can most likely support your requirements. Please get in touch and we’d be happy to discuss your requirements in more detail.

There are a few main components to the 10Duke solution:


1. An Identity Management API

This is a customer identity management API that holds the user profiles of the human end users of your application. If you sell B2B, these users will be the employees or contractors of your customers. If you sell your software directly to end consumers, these individuals are your customers.

2. An Entitlement Management API

This is an API that lets you define the products you are licensing. This might be a single application or features within an application. Each aspect of your product that you want to control for the purposes of licensing you need to name in 10Duke. We call these ‘licensed items’. Licensed items can then be grouped into “Product Packages” (i.e. combinations of features that make up an application or combinations of applications that make up a suite of products). To these product packages you then apply a license model (subscription, consumption, floating etc.) and can grant the license to the company or user who has licensed it.

3. An Event API

Every event that occurs in either the Identity or the Entitlements backend is recorded by the Event API. You can then make queries to the Event database via its API in order to interrogate the data and to learn how customers use your applications, your licenses and features of your applications. The event trail is primarily used for business intelligence or audit purposes.

4. Administration Modules

As the name suggests, these are web-based applications that allow different types of roles to administer all or specific aspects of the 10Duke solution. There are two main admin applications:

1. SysAdmin - a tool used by you, the application vendor, to configure licenses, products, and manage users. Access to SysAdmin provides administrative control of a 10Duke solution – think of it as your control panel.

2. OrgAdmin - this tool is similar to SysAdmin but more narrowly scoped. It is used by an end customer administrator to manage the licenses they have purchased from you and to manage the users who are able to access these licenses. This will allow them to self-manage and saves you time and effort.

Login Application - a component that you can use to implement authentication-related services for end users. It also provides a web-based login page, and profile pages where end users can manage their personal profile information, change or reset their password, and enable two-factor authentication (2FA) for themselves (if you choose to offer this feature to your customers).


Learn more about SysAdmin here, and about OrgAdmin here.

To learn more about the 10Duke APIs, see the Solution Components section on our documentation site.


Deployment Model

10Duke Enterprise is an API-based solution. The main APIs that 10Duke provides are available as REST-based APIs.

10Duke Enterprise is deployed from AWS and the backend applications are provided to you on a as-a-Service basis. There is no need for you to worry about management of the 10Duke applications. In order to integrate with 10Duke Enterprise, you simply need to modify your software applications to call the 10Duke APIs in order to execute certain operations, request data or post data.

10Duke does support on-premise licensing where your application is used in an air gapped network or similar scenario where there is no connection to the Internet available. Please contact us for more information.


How to Integrate With 10Duke

In order to integrate with 10Duke Enterprise, you will first need access to an Evaluation environment. This environment will be deployed for you by a 10Duke Delivery Team (please contact us if you wish to have an Evaluation environment deployed for you). 10Duke is a single tenant solution so it will be configured to suit any specific requirements you may have.

The three initial integration steps you will need to follow are:


1. Delegation of authentication to 10Duke

The 10Duke solution introduces an initial sign-in step when a user tries to use the application you are licensing to them. The sign-in process authenticates the end user by checking that they have provided the correct username (usually email) and a strong password. 2FA may also be required at this step, but that is an optional feature you can enable.

In your application, you will need to introduce this log-in form to your application. Depending on the UI technology being used by your app, 10Duke provides some libraries that you can use to make this process quicker.

When the user signs into your application, it will delegate the responsibility for making the authentication decision (i.e. checking that the username and password are correct) to 10Duke using the 10Duke Authentication API. If the login details are correct, 10Duke will return an access token to your application which it will then use to make a second call to 10Duke, this time to the 10Duke Entitlement API, to check if the user has a license to the specific application or feature of an application that they are trying to access.

Depending on the type of application you are trying to license, the authentication process will follow a particular ‘flow’ specified by either the OAuth 2 or SAML 2 standard. Both of these are protocols used for the purposes of authentication. Your 10Duke Delivery Team will recommend the best flow for you to use, based on your specific requirements.



2. Product Configuration

To configure the products you want to license using 10Duke, you will need access to the 10Duke SysAdmin web application. Your 10Duke Delivery Team will provide this. There is a detailed SysAdmin User Guide available separately, so the following section will just provide a summary overview.

There are five steps in configuring your products:

  1. Create a licensed item - this is a specific term used within 10Duke to refer to the application that you are licensing. A licensed item can be a whole application or it can represent a feature of an app. If you want to license your application based on different feature combinations, then you should describe each of these features separately as a separate licensed item.
  2. Create a license model - this is the business rule against which you are providing your application to the end customer. For example, it might be a simple perpetual license model, a subscription model or a floating license model.
  3. Create a product package - this is done by combining any groups of licensed items together in one package and then applying a license model to it. It is this package that is then licensed to the end customer and would typically correspond to what they understand they have purchased from you.
  4. Create an Organisation and users belonging to that Organisation to which your product will be licensed
  5. Create an Entitlement which is basically a connection between a product package and the group of users who are authorised to use that product under license. There are two explicit steps that need to happen in order to ‘enable’ a license:

    - Grant licenses to all of the licensed items within a product package within specific Entitlement.

    - Grant access for a specific group of users to that Entitlement

    Please keep in mind that SysAdmin provides a visual and interactive means of accomplishing the above listed tasks. The same tasks can be carried out directly via the API as well.


3. Delegation of authorization

Once your application is able to successfully authenticate an end-user signing in and it can receive the access token, and you’ve got your products configured, the next step is to make a license consumption call. As the name suggests, this is when your application is checking that the specific user has been authenticated and has access to a license for the particular application or application feature that they are trying to access.

With the 10Duke Entitlements API, it is important to note that there are two different APIs that your application calls, depending on the operation:

1. For CRUD operations, in order to configure, edit and manage licenses, license models, product packages and licensed items, the Entitlement REST API is used.

2. To check licenses exist and make license consumption calls, your application will use the 10Duke Entitlements Authz API

If your application makes a license consumption call that is successful, it will receive a signed and encrypted JSON Web Token (JWT). This token contains information about the license the user has access to, including the licensed items and the validity period of the token. This token is then stored locally by the client machine.

The next time your application makes a license check (the frequency of which is set by you) it will look for the JWT token stored locally in the first instance. As long as the token is valid the client application will operate as it should without any need to make a further call to our backend. However, when the JWT token expires, then your application will need to make another license consumption call to 10Duke backend to refresh the token.


The Basics Complete

If you have implemented the three main steps above, you will now have a basic implementation of a 10Duke licensing solution up and running.

A new user should be able to login to your application, they will be seamlessly authenticated and granted access to your application based on the product as configured in 10Duke. Their access will be governed in turn by any license they have been granted, via their Organisation, as configured in 10Duke.

Click here learn more about 10Duke products or schedule a Discovery Call with us to learn more and to ask questions.

18th July 2024

Choosing the Right Software Licensing Solution if You’re Using FastSpring

8th July 2024

Key Consideration for Software Licensing Solutions: Salesforce

28th June 2024

Simplify Software Licensing Integration with Licensing SDKs

24th June 2024

Password Management For Software Licensing Migrations

Learn best practices for migrating user profiles, enforcing mandatory password resets, and securely handling existing password hashes.    
6th June 2024

Offline Licensing: A Guide for Software Vendors

Discover offline licensing for air-gapped systems, using JWTs and removable media.    
28th February 2024
login-based licensing

Login-Based Licensing: Flexible & User-friendly Approach to Software Licensing

Login-based licensing means to license and control access to software based on user login credentials, simplifying product access.    
9th January 2024
benefits of multi-factor authentication

Why Implement Multi-Factor Authentication (MFA)? A Key to Enhanced Digital Security

Multi Factor Authentication (MFA) involves two or more methods of authentication in order for an individual user to be given access to a system.    
10th May 2023

5 Reasons Why Web Applications Need a Software Licensing Engine

Dedicated licensing engine provides significant value and helps overcome complexity. In this blog we explain the complexity and how to solve it.
7th October 2022
Centralised Licence Management

How Centralized Software License Management Will Increase Your Revenue

License management is typically looked at simply as a cost of doing business. When done correctly, license management can be an engine of revenue growth, removing […]

A brief introduction to 10Duke’s Licensing Solution. We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration and delegation of authorization.