Licensing
Axidian Privilege has two licensing schemes:
- by users and resources.
- by sessions (simultaneous connections).
You can only select one licensing scheme per Axidian Privilege installation.
Additionally, regardless of the licensing scheme, you can purchase a licenses for additional functional modules. Such licenses do not affect users' ability to establish a session via PAM or the administrator's ability to grant permissions. Licenses for functional modules limit the use of additional features. These licenses include:
Licensing by Users and Resources
When selecting this licensing scheme, you will need to determine the number of users and the number of resources in your Axidian Privilege installation.
They are set by the number of licenses of the following types:
- User — determines the number of users who can use PAM.
- Resource — determines the number of resources that can be created in PAM.
When selecting this licensing scheme, the number of sessions (simultaneous connections) is not limited. User licenses can be redistributed between employees (revoke licenses from some employees and allocate them to others). Resource licenses can be freed and then taken by other resources.
Any licenses can be purchased additionally.
Issuance
User License
To issue a user license, add at least one active permission to the user. After this, the license will automatically be considered taken by this user. If all user licenses are taken, you cannot add permission to a new user.
Resource License
To issue a resource license, create or restore the resource in Axidian Privilege. After this, the license will automatically be considered taken by this resource. If all resource licenses are taken, you cannot create a new resource.
Revocation
User License
A user license is released when the user has no active permissions left, i.e. as a result of permission actions such as:
- Revocation
- Suspension
- Expiration
Resource License
The resource license is released when the resource is deleted.
Validity Period
Types of licenses according to the validity period:
- Not time limited
- Limited by a specific calendar date
- Trial period
- Subscription
Once the license expires, the following operations will no longer be available:
- Add a resource
- Add a user (even if not taken licenses are available)
- Open a session (connect to a resource)
If you do not have unlimited licenses, connections will no longer be available when the licenses expire.
Licensing by Session
When selecting this licensing scheme, you will need to determine the number of sessions (simultaneous connections that can be opened via Axidian Privilege).
When selecting this licensing scheme, the number of users and resources is not limited.
Issuance and Release
A session license is considered taken at the moment the session is opened and is released at the moment the session ends (the reason for termination is not important).
Validity Period
Types of licenses according to the validity period:
- Not time limited
- Limited by a specific calendar date
- Trial period
- Subscription
Once the license expires, you will no longer be able to open sessions.
After the license expires, the following operations will remain available:
- Permissions editing
- Created resources editing
- Account editing
If you do not have unlimited licenses, connections will no longer be available when the licenses expire.
AAPM License
The AAPM (Application to Application Password Management) license allows third-party applications to retrieve account secrets from Axidian Privilege.
When purchasing licenses of this type you need to specify the number of accounts that can be accessed using the AAPM.
The number of applications, application users and permissions is unlimited.
The AAPM license is independent of the selected licensing scheme.
The AAPM license can be purchased or removed at any time.
Issuance and Release
An AAPM license is considered taken when the first permission for an application is added to the account.
The AAPM license is released when all permissions are revoked from the account.
Suspension of permission does not release the AAPM license.
Validity Period
Types of licenses according to the validity period:
- Not time limited
- Limited by a specific calendar date
- Trial period
- Subscription
Once the license expires, the following operations will no longer be available:
- Add new permissions to applications
- Use scenarios for third-party applications to retrieve account secrets from Axidian Privilege
Ad hoc Resources License
This license allows you to connect to ad hoc resources. The license does not limit the number of permissions or simultaneous connections to ad hoc resources.
The ad hoc resources license is independent of the selected licensing scheme.
The ad hoc resources license can be purchased or removed at any time.
Validity Period
Types of licenses according to the validity period:
- not time limited;
- limited by a specific calendar date:
- trial period;
- subscription.
When the license expires, the previously created permissions will get the Inactive state, and the following operations will no longer be available:
- add or renew permissions to connect to ad hoc resources;
- open a session to ad hoc resource.
SQL Proxy License
This license allows you to connect to resources of the PostgreSQL type. This license defines the number of active permissions for resources with the PostgreSQL type.
The SQL Proxy license is independent of the selected licensing scheme.
The SQL Proxy license can be purchased or removed at any time.
Issuance
To occupy the SQL Proxy license, add to the user at least one active permission to the resource with PostgreSQL type. If all SQL Proxy licenses are occupied, you cannot add permission to a new user for a resource of the PostgreSQL type.
Revocation
The SQL Proxy license is released as a result of such actions with permissions to a resource with PostgreSQL type, as:
- revocation;
- suspension;
- expiration.
Validity Period
Types of licenses according to the validity period:
- not time limited;
- limited by a specific calendar date:
- trial period;
- subscription.
After the license expires, the following operations will no longer be available:
- add or renew permissions to connect to resources of the PostgreSQL type;
- add users to the user group for which there is an active permission to the resource with the PostgreSQL type;
- add resources to the resource group for which there is an active permission to the resource with the PostgreSQL type;
- select the PostgreSQL type when editing the user connection of the resource for which there is an active permission;
- open a session for the resource with the PostgreSQL type.