Configure On-Premise License Manager

How to open the Settings dialog

  1. Open the On-Premise Licensing Portal in your browser, and log in with the system administrator user name and password you specified during the License Server installation.

  2. On the On-Premise Licensing Portal, click settings-b.png Configure Settings at the top right:

    Opening the On-Premise License Server settings

    The Configure Authentication Method dialog box will appear:



To open the On-Premise License Server in your browser, use: license-server-address:port, for example, localhost:40892.


The Method tab (pictured above) allows you to select the preferred option to access the server. When the Access for everyone is selected, the License Server is configured as follows:

  • It gives a license seat to any user registered in your network domain for all licensed products.

  • License admins do not need to assign licenses to users in the Licensing Portal.

  • License admins cannot revoke a license from a given user.

  • Users don’t need to enter their credentials to get a license seat.

  • All users appear as anonymous.user in the Licensing Portal.

See below for LDAP and OIDC descriptions.


Settings on the LDAP tab (pictured below) specify the LDAP provider to which the On-Premise License Server connects to get information on user accounts. By configuring LDAP:

  • License administrators can assign license seats to users by users’ distinguished names ("User DN").

  • License users enter their User DN and password to take up a license seat.

  • Your teammates can log in to the Licensing Portal by using their User DNs and passwords.


Your network administrator can help you specify the values requested in these fields. Here are definitions for them:




LDAP server URL

User DN

User Distinguished Name: The user account used for the "Bind and Search" operation against your LDAP domain – often the login email address


The password for the User DN LDAP Account – often the login password


The LDAP Search Base for all License Management users. Any user attempting to log in must be inside the base search.

User Group DN

User Group Distinguished Name: The Fully Qualified Distinguished Name (FQDN) of an LDAP security group. Users must be members of this group to log in to an ID-based SmartBear product.

The License Server implements standard LDAP algorithms and should be able to work with any Windows and Linux LDAP providers.

Click Test to check the connection to your LDAP provider. If the connection fails, double-check the settings and check again. Save the changes when you are done.

Configure LDAPS

LDAPS is configured by adding the CA certificate to the application's trusted store. Find out about requesting a CA certificate in our Certificates section, then follow these steps:

  1. Locate file slm_service.vmoptions in the License Management installation folder:

    • Windows:C:\Program Files\SmartBear\LicenseManager\bin

    • Linux:/opt/SmartBear/LicenseManager/bin

  2. Open it in a text editor and add the following parameters:


OpenID Connect - OIDC

Settings on the OpenID Connect (OIDC) tab (pictured below) specify the configuration that allows the On-Premise License Server to access information stored in the authentication server.

The On-Premise License Manager implements the authorization code flow and needs to obtain client id and client secret so users can log in with the OIDC identity provider (IDP).


The License Manager must be configured as an application on the OIDC identity provider (IDP) side, for example, Okta. Use the callback URL displayed in the OIDC settings as the redirect URI.

client ID and client secret are unique identifiers that will be used to authenticate the On-Premise License Manager with your OIDC server.

By configuring OIDC:

  • License administrators can assign license seats to users by users’ names.

  • Your teammates can log into the Licensing Portal using their OIDC credentials.


Here are definitions for the values requested in the configuration fields:




Descriptive name of the configuration


OIDC server URL


Toggle the switch to use the PKCE-enhanced Authorization Code Flow. For more information, see Authorization Code Flow with Proof Key for Code Exchange (PKCE) from Okta.

Client ID

Unique identifier for the On-Premise License Manager on the OIDC server

Client secret

Unique string paired with the Client ID value for the On-Premise License Manager on the OIDC server


Scopes are permissions that your application will need to access user data. You will need to add openid, profile. In some environments, the email scope will also be required. The OIDC server will only grant the scopes that you have requested.

User Name

Field in the token that contains user data. This depends on you OIDC server configuration. Common fields for storing user data in OIDC tokens include email and name.

Group Filter Enabled

Toggle the switch to use group filtering and manage access control based on the group membership.

Group Name Field

Field in the token that contains group data, for example, company or department

User Group Filter

To grant permissions to resources, add values configured on the OIDC server that match the client's requirements.

Admin Group Filter

To grant administrator permission, add values configured on the OIDC server that will assign elevated scopes.

Callback URL to be registered on the OIDC server

Use this URL as the redirect URI in the OIDC server settings.

Test your configuration.

After configuring the OIDC method, the Log in with OIDC button shows on the login page. Users must use this button to log in.


For more information on Open Connect ID, see How Open ID Connect Works.

How settings affect user authentication

The License Server settings specify how the Server gets information on user accounts in your network and how it authenticates users. The following table provides a brief overview of the setting effect:



License admin needs to

assign licenses to users on

On-Premise Licensing Portal

Users need to enter

their credentials on

product start

Access for everyone












Log in with OIDC is added as a login option

Save or discard changes

  • The Save button on a page remains disabled until you change some settings on this page.

    The button saves the changes made to this page only.

  • After you change a setting on some page, the dialog displays the Discard Changes button (initially, the button is hidden). Click it to discard all the changes made to the settings on this page.


The basic SmartBear On-Premise License Server installation configures the server to handle requests over standard HTTP. In many environments, this is sufficient as the network is trusted. However, some organizations require that all network applications be secured with Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

SmartBear On-Premise License Server supports HTTP over TLS (or HTTPS), but this requires additional manual server configuration. Additionally, you may enable the redirection from HTTP to HTTPS and enable the HTTP Strict Transport Security (HSTS) policy mechanism.

Configure for HTTPS

Follow the below set-up steps. They are for Windows – Linux is similar. Open a ticket with Support if you need assistance:

  1. Acquire a certificate

    To authenticate to clients, the On-Premise License Server must have a certificate that serves as proof of identity. Certificates come in two forms: Certificate Authority (CA) signed certificates and self-signed certificates.

    Option 1: CA-signed certificate

    CA-signed certificates provide an additional level of security because they can be automatically verified and do not rely on human verification. By providing you a certificate, the certificate authority is vouching for your identity. Software systems such as web browsers and the Java Runtime Environment (JRE) include the public keys of the trusted certificate authorities that are used to verify server certificates were vouched for by a trusted CA.

    go.gifTo acquire an SSL CA-signed certificate, contact the appropriate person in your IT department, requesting a Subject Alternative Name (SAN) extension that matches the DNS hostname.

    Option 2: Self-signed certificate

    Self-signed certificates have the advantage of being free and easy to generate. Their disadvantage is that they are not automatically trusted by the products and you have to import them to your browser/system to make a trusted connection.

    go.gifTo acquire a self-signed certificate, use the following commands:


    Adjust your domain name in the subjectAltName field below.

    openssl req -x509 -sha256 -newkey rsa:2048 -keyout slm.key -out slm.crt -addext “subjectAltName = DNS:slm.enterprise” -days 365
    openssl pkcs12 -export -in slm.crt -inkey slm.key -out slm.enterprise.p12
  2. Open the folder where License Management is installed:

    License Management install folder
  3. Copy the certificate file slm.enterprise.p12 to folder Smartbear/LicenseManager/cert.

  4. Open Smartbear/LicenseManager/bin/slm_service.vmoptions file and add following entries:

    -Dserver.ssl.key-store-password=certificate_store_password # optional if certificate_store is not secured by password
  5. Restart SLM License Manager service:

    License Management restart

Next steps

After installing and configuring the On-Premise License Server, you can add licenses and assign them to users in your network. See Add Licenses and Assign Licenses to Users.

Change Password

As a system admin, you can change the password for your account. Use the Change Password dialog to update your login credentials.


See Also

Publication date: