Cloud Secure Edge (CSE) Licenses

License types and license distribution to end users in Cloud Secure Edge

  • Updated on Dec 12, 2024
  • 5 minutes to read
  • Contributors

Cloud Secure Edge License Overview

A license is a token that is assigned to a user in your org; a user is licensed when an admin assigns the user to a service (e.g., a Service Tunnel) and the user has authenticated into the Cloud Secure Edge (CSE) app. Depending on the service assignment, a specific license type will be assigned to the user (license types are outlined below). Admins can purchase a fixed number of licenses, known as their License Entitlement. This is a floating number of licenses available for end users to consume as they access resources or services within Cloud Secure Edge; these licenses are not time-limited.

Granting Licenses

Licenses can be granted explicitly or implicitly: Licenses can be explicitly assigned to an individual user, or they can be consumed by a user when an admin assigns that user to a Cloud Secure Edge service, as explained above. Depending on the service assignment or the explicit granting of a license, a particular type of license will be consumed by the user (i.e., either an SIA license or an SPA license).

Cloud Secure Edge License Types in MySonicWall

Licenses are purchased through MySonicWall.

Secure Private Access (SPA) Basic: VPN
  • Service Tunnel (VPN as a Service): available as split tunnel or full tunnel
Secure Private Access (SPA) Advanced: Zero Trust Network Access (ZTNA)
  • Hosted websites: provide users access to internal websites
  • Hosted infrastructure: provide users access to internal infrastructure services
  • Private resource discovery: view private resources accessed by end users via Service Tunnel
  • IaaS resource discovery: view infrastructure resources accessed by end users for work
Secure Internet Access (SIA) Basic: Compliance-focused Web Filtering
Secure Internet Access (SIA) Advanced: Security-focused Web Filtering
  • URL Filtering: determine threats associated with URLs and block or allow access accordingly
  • IP Allowlisting: provide users access to specific IP address ranges
  • Device Trust for SaaS: evaluate users’ device trust during SaaS sessions
  • Internet Resource Discovery: view which public resources end users are accessing for work

Note: Cloud Secure Edge (CSE), formerly known as Banyan Security, previously offered product editions. These editions are no longer available for purchase, but some edition models may still be in use. If you’re interested in learning about how license consumption works in the old editions model, refer to the section below.

Manage Licenses

Admins can grant and revoke user licenses.

Grant a license

To explicitly grant a license to a user, complete the following steps:

1. On the Home page of the Cloud Secure Edge (CSE) Command Center, select the Licenses tab.

2. To grant a licenses to a user, either select Licenses in Use (under either the SIA or SPA Licenses plan), and then select a specific user or navigate from Directory > Users, select a user that you want to grant a licenses to, and then select the Licenses edit button.

3. An Edit Licenses module will pop up: choose whether to grant your user an SIA License or an SPA License.

4. To view the status of licenses granted to or revoked from a user, see the User details page.

Revoke a license

Note: Currently, when an admin revokes a user license, users are not prevented from authenticating to and using CSE services. To ensure that a user in your org cannot access a service after license revocation, either (i) delete the user(s) from CSE (if you’re using local user management) or (ii) block user(s) access from the 3rd-party IDP associated with your user(s).

2. If using a 3rd-party IDP, manage user(s) access from the IDP.

To explicitly revoke a license from a user, complete the following steps:

1. Repeat Steps 1 to 3 in the Grant a license section above, except in Step 3, select Revoke License.

License consumption on the Editions model

On the Editions model, a license is consumed if a user has been active at least once over the past 90 days.

Note: Even users that have been archived or deleted are considered an Active User and will consume a license if such users have been active at all (i.e., accessed a service or Service Tunnel or checked in on a device that has an ITP policy associated with it) within the last 90 days.

What is an Active User?

An Active User is one of the following:

  • a user who has accessed a published service or Service Tunnel within the last 90 days;
  • a user (i) whose device has an Internet Threat Protection (ITP) policy assigned to it and (ii) who has checked in within the last 90 days.