Machine Accounts

NOTE: Relevant only for administrator users.

A machine account represents a set of cloud licensing permissions that grant authorization rights to an end user to access protected applications. Machine accounts are an integral part of cloud licensing. Cloud licensing (also known as CL) refers to licensing that is hosted by Thales on a service-hosted, cloud license manager server.

Each machine account is defined for a specific end user. When you create a machine account, you add the name and email address of the end user that receives email notifications, and you set the permissions.

The Machine Accounts Page

In the navigation pane, click Machine Accounts to open the Machine Accounts page.


Viewing Machine Account Details

The following table describes the details that are available on the Machine Accounts page.

Attribute Description
Status

The Status attribute available on the Machine Accounts page specifies the status of a machine account:

>Enabled: The end user can access the protected application that was shared when creating or updating the machine account. You can disable a machine account when needed.

>Disabled: The end user cannot access the protected application that was shared when creating or updating the machine account. You can enable a disabled machine account when needed.

>Out-of-Sync: Displayed only when the most recent change to the machine account was not synched successfully. If you see this indicator, try to restart the synchronization process by clicking the Synchronize button in the Actions column. If synchronization still fails, then contact your system administrator for assistance.

Name

Unique name of the end user of the protected application. This is the user for whom you are creating this machine account.

The name is used in the greeting of the Sentinel LDK Machine Account Certificate email, which can be sent to the end user of the protected application when the machine account is created and updated.

Email

Email address of the machine account. Used to send email notifications to the end user of the protected application when the machine account is created and updated.

Identity Code

An identity code is a unique, read-only, 7-character string. The identity code is part of the full identity string that specifies the client identity for the machine account as defined in the cloud licensing service database. When the end user clicks the link in the email notification that is sent when you create a machine account, the identity string is installed on the end user's machine. If you disable Send Notification, then you must provide the identity string to the end user in some other way, as the end user must install this identity string on their machine to use the protected application.

When the end user runs a protected application, the local license manager uses the identity string to consume a license from the service-hosted, cloud license manager server. If the end user has the appropriate permissions, the end user can use the identity string to detach a license from the service-hosted, cloud license manager server and then run the protected application offline.

See also: Copy Identity Link and Copy Identity String

Creation Date

The date and time (UTC) that the machine account was created.

Actions

Actions that can be performed on the machine account:

Edit

Updates information for an existing account.

Copy Identity String

Copies the identity string to the Clipboard. This is useful if Sentinel LDK RTE is not included with the protected application, and the end user needs to update the API .ini file with this identity string to use the protected application. For details, contact the system administrator.

Example of identity string: FFSTQYU:oBWAAQCBEFPxvWKzIBicixs/v0rerEA@licenseserver.example.com

Example .ini file path on Windows: %LocalAppData%\SafeNet Sentinel\Sentinel LDK\hasp_<vendorId>.ini

Copy Identity Link

Copies the identity string and the link to the protected application to the Clipboard. This is the same link that is included in the email that is sent to end users using the Send Notification option to notify them that they have access to a protected application.

This is useful if you want to share this link directly with the end user instead of using the Send Notification option.

Example of identity link: https://cloudportal.example.com/_int_/install.html?identity=FFSTQYU:oBWAAQCBEFPxvWKzIBicixs/v0rerEA@licenseserver.example.com

Disable

Prevents the end user from using the protected application. You might disable a machine account if you want to temporarily prevent the end user from accessing the protected applications or to transfer the machine account to another end user.

Enable

Re-enables a machine account that is marked as disabled, enabling the end user to use the protected applications that are available for that machine account.

Delete

Permanently deletes a machine account. The end user can no longer access the protected applications. You might delete a machine account when an employee leaves your organization.

Synchronize

Connects to the service-hosted, cloud license manager server to synchronize a machine account.

Displayed only when the most recent change to the machine account was not synched successfully. If you see this indicator, try to restart the synchronization process by clicking the Synchronize button in the Actions column. If synchronization still fails, then contact your system administrator for assistance.


Machine Account Attributes tab: Displays the attributes related to machine accounts (described above) plus Send Notification and Created By.

Permissions tab: Displays the cloud licensing permissions defined for the machine account. For details, see Permissions.

Registered Machines tab: Displays information about the client machines that are registered to the machine account. For details, see Registered Machines.
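
Because the local license manager uses the identity string to consume a license, the string and any identity link that embeds it are worth handling like a credential when they turn up in tickets or logs. The following is an added example, not Thales code: it parses the sample identity link shown above and masks the part between the identity code and the host. The `code:opaque@host` layout and all function names are assumptions drawn from the single example on this page.

```python
import re
from urllib.parse import urlsplit, unquote

# Layout assumed from the page's single example (not a published grammar):
#   <7-character identity code> ":" <opaque part> "@" <license server host>
IDENTITY_RE = re.compile(
    r"(?<![A-Za-z0-9])(?P<code>[A-Za-z0-9]{7}):"
    r"(?P<opaque>[A-Za-z0-9+/=_-]+)@"
    r"(?P<host>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)"
)


def parse_identity(identity):
    """Split an identity string into code, opaque part and host, or return None."""
    m = IDENTITY_RE.fullmatch(identity.strip())
    return m.groupdict() if m else None


def identity_from_link(link):
    """Extract the identity string from an identity link's query string."""
    for pair in urlsplit(link).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "identity":
            # unquote(), not parse_qs(): parse_qs turns '+' into a space,
            # which would corrupt an opaque part that contains '+'.
            return unquote(value)
    return None


def redact(text):
    """Mask the opaque part of every identity string found in free text,
    keeping the identity code and host so entries can still be correlated."""
    return IDENTITY_RE.sub(
        lambda m: f"{m['code']}:<redacted>@{m['host']}", text
    )


# The link below is the example printed on this page.
SAMPLE_LINK = ("https://cloudportal.example.com/_int_/install.html"
               "?identity=FFSTQYU:oBWAAQCBEFPxvWKzIBicixs/v0rerEA"
               "@licenseserver.example.com")

if __name__ == "__main__":
    print(parse_identity(identity_from_link(SAMPLE_LINK)))
    print(redact(f"ticket note: user installed {SAMPLE_LINK} today"))
```

The identity code stays visible after redaction, so a masked log line can still be matched to the Identity Code column on the Machine Accounts page.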


Creating a Machine Account

You create a machine account from the Machine Accounts page.

To create a machine account:

1. From the navigation pane, select Machine Accounts to view the Machine Accounts page.

2. Click the Add Machine Account button.

3. Fill in the machine account attributes and modify the cloud licensing permissions if needed.

4. In the Permissions area, if you set Allow Access to All Associated Products to No, associate at least one product with this machine account.

5. Click Save.

Machine Account Attributes

The following table explains the attributes that are used to create a machine account:

Attribute Description Required/Optional Valid Values
Name

Unique name of the end user of the protected application. This is the user for whom you are creating this machine account.

The name is used in the greeting of the Sentinel LDK Machine Account Certificate email, which can be sent to the end user of the protected application when the machine account is created and updated.

Required

1 to 64 characters

Email

Email address of the machine account. Used to send email notifications to the end user of the protected application when the machine account is created and updated.

Required

>A valid email address

>Up to 100 characters

>Cannot contain: spaces and \ () [] : ; “ <>

>Cannot start with a '.'

>Cannot contain double ..

>Cannot contain double @@

Send Notification

Send a notification to the account email address after the machine account is created.

If you set this value to No, then you must provide the identity link to the end user in some other way, as the end user must install the identity string on their machine to use the protected application. The identity link is available by clicking Copy Identity Link for the relevant account in the Machine Accounts grid.

Required

Yes OR No

Default: Yes

Identity Code

An identity code is a unique, read-only, 7-character string. The identity code is part of the full identity string that specifies the client identity for the machine account as defined in the cloud licensing service database. When the end user clicks the link in the email notification that is sent when you create a machine account, the identity string is installed on the end user's machine. If you disable Send Notification, then you must provide the identity string to the end user in some other way, as the end user must install this identity string on their machine to use the protected application.

When the end user runs a protected application, the local license manager uses the identity string to consume a license from the service-hosted, cloud license manager server. If the end user has the appropriate permissions, the end user can use the identity string to detach a license from the service-hosted, cloud license manager server and then run the protected application offline.

See also: Copy Identity Link and Copy Identity String

N/A

Automatically generated when a machine account is created successfully.
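
The Name and Email rules in the table above, written as a pre-check for a list of end users before the values are entered in the Add Machine Account form. This is an added example, not part of the product; the function names and sample rows are constructed, and the shape check standing in for "a valid email address" is an assumption because the page does not define it further.

```python
# Characters the page lists as not allowed in the Email field. The page prints
# a curly quote; treating it as the double-quote character is an assumption.
FORBIDDEN = set(' \\()[]:;"<>') | {"\u201c", "\u201d"}


def check_account(name, email):
    """Return the list of rule violations; an empty list means the row passes."""
    bad = sorted(set(email) & FORBIDDEN)
    # "A valid email address" is not defined further on the page; this minimal
    # shape check (one '@', non-empty sides, dotted domain) is an assumption.
    local, at, domain = email.partition("@")
    shape_ok = bool(at and local and "@" not in domain
                    and "." in domain.strip("."))
    checks = [
        (not 1 <= len(name) <= 64, "name: must be 1 to 64 characters"),
        (len(email) > 100, "email: longer than 100 characters"),
        (bool(bad), "email: forbidden character(s) " + " ".join(map(repr, bad))),
        (email.startswith("."), "email: starts with '.'"),
        (".." in email, "email: contains '..'"),
        ("@@" in email, "email: contains '@@'"),
        (not shape_ok, "email: not of the form local@domain.tld"),
    ]
    return [message for failed, message in checks if failed]


def check_rows(rows):
    """Check (name, email) rows and flag repeated names, since Name is unique."""
    seen, report = set(), {}
    for lineno, (name, email) in enumerate(rows, start=1):
        problems = check_account(name, email)
        if name in seen:
            problems.append("name: duplicate of an earlier row")
        seen.add(name)
        if problems:
            report[lineno] = problems
    return report


# Constructed sample rows, not taken from any real account list.
ROWS = [
    ("Alice Example", "alice@example.com"),
    ("Bob Example", ".bob@example.com"),
    ("Carol Example", "carol@@example..com"),
    ("Alice Example", "alice2@example.com"),
]

if __name__ == "__main__":
    for lineno, problems in check_rows(ROWS).items():
        print(f"row {lineno}: {'; '.join(problems)}")
```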

Permissions

The following table explains the permission attributes. You can modify the expiration date and select the products that the end user can access. All of the other attributes are read-only.

Attribute Description
Maximum Number of Registered Machines

A client machine may be automatically registered with the machine account when a protected application runs for the first time.

Possible values:

>1-10. The maximum number of client machines that are allowed to use this machine account. Each machine is automatically registered the first time it accesses the license server machine to run the protected application. When the maximum number of machines are registered, no additional machines can use the machine account.

>Unlimited. An unlimited number of client machines are allowed to use the machine account. The client machines are not registered.

Expiration Date

Date on which the client identity (represented by the Identity Code) expires for the machine account.

Possible values:

>An expiration date

>Never expires

To set an expiration date:

a. Clear the Never Expires check box.

b. Do one of the following:

Set the date.

Click the calendar icon to display a calendar. Use the calendar to select the expiration date.

In the Days field, specify the number of days the client identity should remain active.

Regardless of which field (calendar or days) you use to specify the duration of the client identity, the other field is automatically updated so that the two fields remain synchronized.

Allow Online Connection to Licenses

Enables a client machine with an installed identity string to consume a license.

Allow License Detaching

Enables a client machine to "detach" (download a copy of) the license for a protected application. This enables the client machine to use the license without having to poll the license server. Detached licenses are valid for a specified time period after which the detached license expires. If needed, the client machine can then try to detach another copy of the license.

Allow Concurrency for Detached Licenses

Enables a client machine to detach one or more copies of the license for a protected application. This enables concurrent access to the license on the machine that receives the detached license.

For example, if there are 10 concurrent instances available on the service-hosted, cloud license manager server, and the license that is detached contains 5 concurrent instances, then 5 concurrent instances will be available on the machine with the detached license.

Allow Access to All Associated Products

Specifies whether the client machine can access licenses for some or all available products.

>Select Yes to enable a machine to access licenses for all available products.

>Select No to enable the machine to access licenses only for specific products. Then select the required products as described below.

To view a list of all products that are available for the machine account:

Select No. The Available Products area is displayed.


To associate all products with the machine account:

Select Yes. All available products are automatically associated with the machine account.

To associate specific products with the machine account:

1. Select No. The Available Products area is displayed.

2. Click the relevant products to move them to the Associated Products area.

To remove products from a machine account:

In the relevant product row, click Delete in the Actions column.

Registered Machines

Client devices may be registered automatically when an end user opens a protected application. Administrator users can view and manage the list of registered machines for each end user.

Attribute Description
Status

The status of the registered machine.

>Enabled: The end user can use the machine to access protected applications.

>Disabled: The end user cannot use the machine to access protected applications. This can occur only if the vendor or administrator user disables the machine.

Machine Name

The name of the device as defined in the system settings.

IP Address

The IP address of the client machine.

Host User Name

The name of the end user that logs in to the machine to use the protected application.

Registration Date

The date that the machine was registered, which is usually the date that the end user logged in to the protected application for the first time.

Actions

The actions that you can perform for this registered machine for the machine accounts that you manage.

Disable

Opens a confirmation box that enables you to change the status of an enabled machine to Disabled. This prevents the end user from accessing protected applications on the registered machine.

Enable

Opens a confirmation box that enables you to change the status of a disabled machine to Enabled.

Delete

(Not recommended) Opens a confirmation box that enables you to permanently remove the machine from the service-hosted, cloud license manager server.

To enforce the Maximum Number of Registered Machines, we recommend that you disable a registered machine instead of deleting it.

Synchronize

Connects to the service-hosted, cloud license manager server to synchronize a machine account.

Displayed only when the most recent change to the machine account was not synched successfully. If you see this indicator, try to restart the synchronization process by clicking the Synchronize button in the Actions column. If synchronization still fails, then contact your system administrator for assistance.