Understanding Defender Licensing (44179)

Understanding Defender Licensing

Understanding Defender Licensing: 

How is Defender licensed? 

What are the different license types?

 

Version 5.8 and above

There are 4 license types:

1. The User license, this license covers the number of users who can be assigned tokens, irrespective of token type. User licenses are cumulative, multiple licenses can be installed.

2. Hardware Token License.  This will be in the form of files that need to be imported (.DPX).  Hardware tokens include GO-3, GO-6 and GO-7.  In addition to the .DPX files provided to import hardware tokens, a data key is required (included with your physical shipment).

3. Defender Soft Token License.  This license covers the amount of native One Identity Defender soft tokens that can be created (Defender Soft Token, e-mail token and SMS token). Token licenses are cumulative, multiple can be installed. Unassigned soft tokens do not consume a soft token license. Non-native One Identity soft tokens such as Google Authenticator, Authy tokens do not consume a Soft Token License.

4. GrIDsure token licenses.   This license covers the amount of native GrIDSure soft tokens that can be created. GrIDsure token licenses are cumulative, multiple can be installed. 


Version 5.7 and below

There are 4 license types:

1. The User license (appears as DEFLIC0000000000 in Active Directory and "Type" is "Defender License".)  This license covers the number of users who will be assigned tokens, irrespective of token type.  User licenses are not cumulative - only one can be installed at a time and it is domain specific.

2. Hardware Token License.  This will be in the form of files that need to be imported (.DPX).  Hardware tokens include GO-3, GO-6 and GO-7.  In addition to the .DPX files provided to import hardware tokens, a data key is required (included with your physical shipment).

3. Defender Soft Token License.  This license covers the amount of Desktop/Soft Tokens that can be created - Blackberry, iTokens, Android etc.  Token licenses are cumulative, multiple can be installed. Unassigned soft tokens do consume a soft token license. In Defender 5.7 the "Universal Desktop Token" license was also introduced.

4. GrIDsure token licenses.   This license covers the amount of native GrIDSure soft tokens that can be created. GrIDsure token licenses are cumulative, multiple can be installed. 

The "Universal" license (appearing as "PGODTL_UNIVERSAL" in AD) and replaces individual Desktop Token licenses.  When upgrading to 5.7 the existing token licenses will be converted to ‘Universal’ Desktop Token licenses and will allow for any type of token to be generated.  Thus, the Universal license allows for any "soft" token to be created without relying on a specific license type for that token type, i.e. Blackberry or Android.

For more information on Defender license requirements, please refer to the Installation Guide: Defender 5.7 – Installation Guide.

NOTE: In Defender 5.7 and below, when requesting a new user license from either your sales representative or Licensing, be sure to let them know the total number of users you need licensed.  User license files do not get appended when you import them, so any license being imported must be for your total needs and not a fraction of the total.

Licensing in AD Example: Token licenses are per forest not per domain. Although the one Token license could be stored in the child domain 1 and another in child domain 2, they are effectively global licenses. No distinction is made when a token is programmed as to which license is used.