Cloud Secure Edge (CSE) Licenses
License types and license distribution to end users in Cloud Secure Edge
- Cloud Secure Edge License Overview
- Cloud Secure Edge License Types in MySonicWall
- Granting Licenses
- Revoking licenses
Cloud Secure Edge License Overview
A license is a token that is assigned to a user in your org; a user is licensed when an admin assigns the user to a service (e.g., a Service Tunnel) and the user has authenticated into the Cloud Secure Edge (CSE) app. Depending on the service assignment, a specific license type will be assigned to the user (license types are outlined below). Admins can purchase a fixed number of licenses, known as their License Entitlement. This is a floating number of licenses available for end users to consume as they access resources or services within Cloud Secure Edge; these licenses are not time-limited.
Cloud Secure Edge License Types in MySonicWall
Licenses are purchased through MySonicWall.
Secure Private Access (SPA) Basic: VPN
- Service Tunnel (VPN as a Service): available as split tunnel or full tunnel
Secure Private Access (SPA) Advanced: Zero Trust Network Access (ZTNA)
- Hosted websites: provide users access to internal websites
- Hosted infrastructure: provide users access to internal infrastructure services
- Private resource discovery: view private resources accessed by end users via Service Tunnel
- IaaS resource discovery: view infrastructure resources accessed by end users for work
Secure Internet Access (SIA) Basic: Compliance-focused Web Filtering
- DNS-based compliance content filtering: block specific internet content to adhere to your org’s compliance standards
- DNS-based malicious content filtering: block users from encountering internets threats
Secure Internet Access (SIA) Advanced: Security-focused Web Filtering
- URL Filtering: determine threats associated with URLs and block or allow access accordingly
- IP Allowlisting: provide users access to specific IP address ranges
- Device Trust for SaaS: evaluate users’ device trust during SaaS sessions
- Internet Resource Discovery: view which public resources end users are accessing for work
Note: Cloud Secure Edge (CSE), formerly known as Banyan Security, previously offered product editions. These editions are no longer available for purchase, but some edition models may still be in use.
Granting Licenses
Licenses can be granted explicitly or implicitly. Licenses can be explicitly granted to an individual user, or licenses can be consumed by a user when an admin assigns that user to a Cloud Secure Edge service (i.e., implicitly granted). Depending on the service assignment or the explicit granting of a license, a particular type of license will be consumed by the user (i.e., either an SIA license or an SPA license).
Steps to Explicitly Grant a license
To explicitly grant a license to a user, complete the following steps:
1. On the Home page of the Cloud Secure Edge (CSE) Command Center, select the Licenses tab.

2. To grant a licenses to a user, either select Licenses in Use (under either the SIA or SPA Licenses plan) and then select a specific user, or navigate from Directory > Users, select a user that you want to grant a license to, and then select the Licenses edit button.
3. An Edit Licenses module will pop up: choose whether to grant your user an SIA License or an SPA License.

4. To view the status of licenses granted to or revoked from a user, see the User details page.

Steps to Implicitly Grant a license
Assign a user in your org to a Cloud Secure Edge (CSE) service:
-
For an SPA license: assign a user’s device to a Service Tunnel or to a Zero-Trust Network Access (ZTNA) service (e.g., a hosted website).
-
For an SIA license: assign a user’s device to an Internet Threat Protection (ITP) policy or to a protected SaaS app in CSE.
Revoking licenses
Licenses can be revoked explicitly or implicitly. A License can be explicitly revoked by selecting the Revoke License option. Depending on the service assignment or the explicit granting of a license, a particular type of license will be consumed by the user (i.e., either an SIA license or an SPA license).
Note: Currently, when an admin revokes a user license, users are not prevented from authenticating to and using CSE services. To ensure that a user in your org cannot access a service after license revocation, either (i) delete the user(s) from CSE (if you’re using local user management) or (ii) block user(s) access from the 3rd-party IDP associated with your user(s).
Steps to Explicitly Revoke a License
To explicitly revoke a license from a user, complete the following steps:
1. On the Home page of the Cloud Secure Edge (CSE) Command Center, select the Licenses tab.
2. Either select Licenses in Use (under either the SIA or SPA Licenses plan) and then select a specific user, or navigate from Directory > Users, and select a user that you want to revoke a license from, and then select the Licenses edit button.
3. An Edit Licenses module will pop up: Select Revoke License on either the SIA or the SPA License option, and then select Done.

Steps to Implicitly (or Automatically) Revoke a License
Remove a licensed user from the user list (i.e., delete a user in the CSE Command Center or delete a user in SCIM); the revoked license will return to the pool of licenses available to use.
Note: As mentioned above, the user’s license will not be revoked when the user is unassigned from a service.