LICENSING
      Back to home
      1. Safetica
      2. GET STARTED with Safetica
      3. LICENSING

      How licensing works in Safetica

      Safetica utilizes user-based licensing to protect users who work with data. Learn how user-based licensing works, how are user accounts detected, and what is actually considered a "user account".

      Article last updated: June 2024.

       

      In this article, you will learn:

       

      Introduction: What is user-based licensing

      Many industries are shifting from using company devices to hybrid environments, so the “user account” (identity) is becoming the central point. For this reason, the licensing of Safetica is user-based and the customers themselves decide which users they want to protect. These users are licensed, and the customer only pays for them.

       

      How are user accounts detected and protected in Safetica

      Safetica detects active user accounts (not active devices), which means:

      1. Local accounts or Active Directory accounts that performed an action on a device with installed Safetica Client
      2. Accounts synced from Entra ID that performed an action.

      ✍️All detected user accounts are protected by Safetica by default, which means:

      • Each newly detected user account is assigned a license. If a user shouldn’t be licensed, their license can be removed and used for someone else.
      • Safetica policies will start applying to the user.
      • The user is added into the Users list and the user tree in Safetica console.
      • If the user comes from Active Directory: they will appear in the appropriate Active Directory organizational unit.
      • If the user is detected after using a device with installed Safetica Client: they will be assigned into the Unknown team. Policies set up for the Unknown team will start applying to them.

      ✍️Only active user accounts are licensed

      User accounts (local, Active Directory, Entra ID) that did not perform an action in the last 90 days are considered inactive and do not count toward the number of licensed users.

      Also, accounts that are no longer synced from Active Directory or Entra ID are considered inactive and do not count toward the number of licensed users.

      You can see which users are inactive in the Users section.

       

       

      What is considered “a user account” and how are licenses assigned

      Safetica counts the number of user accounts and licenses like this:

      • A local user account = 1 account = 1 license
      • A local user account that appears on multiple devices = 1 account = 1 license
      • Multiple local accounts on the same device = multiple accounts = multiple licenses
      • System accounts = not licensed and not protected by default = 0 licenses
      • User account synced from AD = 1 account = 1 license
      • User account synced from Entra ID = 1 account = 1 license

      ✍️Safetica can pair AD and Entra ID accounts. This means that:

      • User account synced from AD paired with Entra ID account = 1 account = 1 license
      • Local user account paired with AD user account = 1 account = 1 license
      • Local user account paired with Entra ID account = 1 account = 1 license

      Terminal servers: the use case is the same as for multiple accounts on one device. That means:

      • Multiple local accounts connecting to a terminal server = multiple accounts = multiple licenses

      Example: A user who works on several devices under one account is considered one user account in Safetica and consumes one license. A user that works on one device under a local account and under an unpaired Active Directory account is considered two user accounts in Safetica and consumes two licenses.