10Duke Enterprise release 3 documentation is no longer being updated

Organizations, users, and devices

In 10Duke Enterprise, organizations and users are the entities for which you create entitlements and grant licenses.

User groups and device client groups are the entities used for authorizing users and device clients to access organization licenses.


Organizations in 10Duke Enterprise represent the customer companies who have purchased your products.

You can also use organizations to represent your resellers, if you’re provisioning licenses using activation codes that you’re distributing through resellers.

When you have a new customer company, you start by creating an organization for them. All information in 10Duke Enterprise related to the company will be associated with the organization, such as the company’s end users and administrator users, the licenses that the company has purchased, and the user groups and device client groups that are authorized to consume those licenses.

You can manage organizations either using the 10Duke SysAdmin tool or through the 10Duke Identity Management REST API.


With user groups and device client groups, you manage license assignments to your B2B customers’ users and device clients with less time and effort. This makes especially large-scale license management use cases easier to handle.

After setting up groups for an organization and adding users and device clients to the relevant groups, you can authorize and revoke user and device client access to organization licenses at the group level.

How groups are used depends on your customer’s needs. For example, a common use case for user groups is that a company wants to control access in a different way for their employees and their contractors, and manages these users in separate groups. Another example use case is to create separate groups for users who need short-term access to the licensed software, for example, for the duration of a project.

You authorize groups to use licenses per entitlement.

Take these steps to authorize users or device clients to consume an organization’s licenses:

  1. Create the necessary user groups and device client groups for the organization.

  2. In each of the organization’s entitlements, define which groups are authorized to access the licenses.

  3. To give users and device clients access to licenses, add them to the applicable user groups and device client groups respectively.

    If you later need to revoke a user’s or device client’s access to licenses, remove the user or device client from all the groups that are authorized to consume those licenses.

(You cannot authorize an individual user or device client to consume organization licenses directly in the entitlement—the authorization always comes through a group.)

You can manage groups using SysAdmin or the Identity Management REST API and authorize them to access licenses using the 10Duke Entitlement Management REST API.

You can also allow organizations to manage their own groups in the 10Duke OrgAdmin tool.


In 10Duke Enterprise, you create user accounts for the end users who consume licenses. These registered users can be either your direct B2C customers or users in your B2B customer organizations.

A user’s access rights depend on their user roles and the licenses they have access to:

  • A user’s access to your licensed software depends primarily on which licenses they have been authorized to use.

  • A user’s roles determine their access rights to the data of the organizations they belong to. If needed, additional role-based control can also be applied in client applications.

New users can be created into 10Duke Enterprise, for example, by sending them an email invitation, which they need to accept to get a user account. To give the users access to an organization’s licenses right away when they sign up, you can invite them directly to the applicable user groups.

You can manage user accounts either using SysAdmin or the Identity Management REST API, or you can allow your customer organizations to invite and manage their own end users in OrgAdmin.

Users can also be automatically provisioned to 10Duke Enterprise using an integration to an external identity provider. By default, the minimum data that the external identity provider must provide on a user is the user’s first name, last name, and email address.

You also create user accounts for 10Duke Enterprise administrators: your own system administrators as well as the organization administrators of your customer companies, if you’re providing customers with OrgAdmin access.

Device clients

You create device clients in 10Duke Enterprise to allow end users to access your licensed software application without having to register, for example, in use cases where end users need to use the software on a shared device.

Access to your software application is still tied to a license, but the license is consumed by the device (a machine or PC) on which the software is running, instead of the end user using the software. The end users don’t need to be registered users in the system.

Each device is defined in the system as an OAuth client that is owned by a specific organization. The device client authenticates itself to 10Duke Enterprise using the OAuth client credentials grant flow. A device client can consume licenses from the organization based on the device client groups it belongs to.

New device clients are created into 10Duke Enterprise by invitation. The invitation is sent, for example, to the device administrator, who accepts the invitation on the device where your software is running.

You can manage device clients either using SysAdmin or the Identity Management REST API, or you can allow your customer organizations to invite and manage their own device clients in OrgAdmin.