LICENSING
      Back to home
      1. Safetica
      2. GET STARTED with Safetica
      3. LICENSING

      Licensing in Safetica

      Safetica utilizes user-based licensing to protect users who work with data. Learn how user-based licensing works, how are user accounts detected, and what is actually considered a "user account".

      In this article, you will learn:

       

      Introduction: What is user-based licensing

      Many industries are shifting from using company devices to hybrid environments, so the “user account” (identity) is becoming the central point. For this reason, the licensing of Safetica is user-based and the customers themselves decide which users they want to protect. These users are licensed, and the customer only pays for them.

       

      How are user accounts detected and protected in Safetica

      Safetica detects active user accounts (not active devices), which means:

      1. Local accounts that performed an action on a device with installed Safetica Client.
      2. Accounts that were synced from Active Directory or Azure Active Directory (Entra ID).

      All detected user accounts are protected by Safetica by default, which means:

      • Each newly detected user account is assigned a license. If a user shouldn’t be licensed, their license can be removed and used for someone else.
      • Safetica policies will start applying to the user.
      • The user is added into the Users list and the user tree in Safetica console.
      • If the user comes from Active Directory: they will appear in the appropriate Active Directory organizational unit.
      • If the user is detected after using a device with installed Safetica Client: they will be assigned into the Unknown Policies set up for the Unknownteam will start applying to them.

       

      What is considered “a user account” and how are licenses assigned

      Safetica counts the number of user accounts and licenses like this:

      • A local user account = 1 account = 1 license
      • A local user account that appears on multiple devices = 1 account = 1 license
      • Multiple local accounts on the same device = multiple accounts = multiple licenses
      • System accounts = not licensed and not protected by default = 0 licenses
      • User account synced from AD = 1 account = 1 license
      • User account synced from AAD (Entra ID) = 1 account = 1 license

      Safetica can pair AD and AAD (Entra ID) accounts. This means that:

      • User account synced from AD paired with AAD account = 1 account = 1 license
      • Local user account paired with AD user account = 1 account = 1 license
      • Local user account paired with AAD account = 1 account = 1 license

      Terminal servers: the use case is the same as for multiple accounts on one device. That means:

      • Multiple local accounts connecting to a terminal server = multiple accounts = multiple licenses

      Example: A user who works on several devices under one account is considered one user account in Safetica and consumes one license. A user that works on one device under a local account and under an unpaired Active Directory account is considered two user accounts in Safetica and consumes two licenses.