Safetica ONE 11 Licensing

Safetica ONE 11 utilizes user-based licensing to protect users who work with data.

The customers themselves decide which users they want to protect. These users are licensed, and the customer only pays for them.

In this article, you will learn:


How “a user account” is defined in Safetica ONE 11

Safetica ONE 11 detects active accounts – i.e. local accounts that performed an action or accounts that were synced from Active Directory. Every detected user account is added into Safetica ONE 11, displayed in the user tree, assigned a license, and protected (i.e. Safetica policies apply to them).

Safetica considers the following as a user account:

  • A local user account found active on a device with Safetica Client that is not in Active Directory nor paired with an AAD cloud account.
  • A user account synchronized from Active Directory that is not paired with an AAD cloud account.
  • A user account found active in AAD cloud by Safetica CASB that is not paired with an Active Directory account.
  • A user account synchronized from Active Directory with a paired AAD cloud account (Safetica is able to pair AD and AAD accounts).

A user account that appears on multiple devices still counts as one user account.

Example: A user that works on several devices under one account is considered one user account in Safetica ONE 11 and consumes one license. A user that works on one device under a local account and under an unpaired Active Directory account is considered as two user accounts in Safetica ONE 11 and consumes two licenses.


System accounts, which are marked as system, are not licensed and protected by default.


How to add new users into Safetica ONE 11?

There are 2 ways new users can be imported into Safetica ONE 11:

  1. The user account uses a device with installed Safetica for the first time.
  2. The user account is synced from Active Directory.


What happens when a new user appears?

When a new user account appears, it is protected by Safetica by default.

A new user account is assigned a license and added into the Licensed user list.

If the user comes from Active Directory, they will appear in the appropriate Active Directory organizational unit.

If the user is detected after using a device with installed Safetica Client, they will be assigned into the Unknown team. Policies set up for the Unknown team will start applying to them.


How are add-ons licensed?

Add-ons (such as Safetica UEBA) are valid for all your purchased Safetica licenses. 


What happens when there are more users than licenses?

Safetica protection will work even when you have more users than licenses. However, you will see a warning in Safetica ONE 11 console that you should either buy more licenses or remove licenses from some users.


Read next:

Users: How to remove and assign licenses

Subscription and license management