When you need to free up user licenses you should start by running the housekeeping tasks "Clear expired tokens" and "Clear deleted LDAP users".
The "Clear expired tokens" Task
This task will remove expired tokens from the repository, can be found on the task list (in the example below on page 2);
The task number will probably not match, but you should find it near the end of the list of tasks.
The "Clear deleted LDAP users" Task
When users are deleted from an external LDAP identity sources, the user deletion may result in licenses being allocated to users that cannot be accessed in the management console.
This housekeeping task can be used to remove tokens that are assigned to users that have been deleted from LDAP.
From the management console select “Administration | Tasks”, left click on the context menu of the task “Clear deleted LDAP users”, then select “Run”;
Once executed the task helps free up licenses by removing the deleted LDAP users.
Identifying License Usage Details
License details may be obtained from the Management Console either through the "Home" menu-bar option, by navigating to "Configuration | Licenses", or by running the report “Users use License”.
If you can't find the template "Users use License", first check the other pages (the report is usually found on one of the last pages), but if the report still cannot be found you will need to download the file from the support site.
The purpose of this template is to produce a report of how the user licenses are being consumed (based on criteria supplied in the field prompted "Query Statement").
The report can be scheduled to run using scheduling details supplied in the field prompted "Schedule(ConTrigger Exprtession):", and you can select what data is sent to the report using the "Configure Output ..." button.
When the report lists a number of tokens with blank Login Names, First Names and Last Names, this will usually indicate that some of the tokens are assigned to users that are no longer accessible through LDAP. When this occurs licenses may be freed up by running the task "Clear deleted LDAP users".
The Query Statement is used to select which token details are included in the report.
To create the query statement click on the pencil icon found to the right of the filed prompted "Query Statement";
A new window titled "Conditions – View" will open, which will be used to specify which tokens details are included in the report;
Only the operator "Equals" can be used when filtering the type of license.
This will be used to restrict audit records that match the specified license type entered.
The query conditions consist of a data field, the condition operator (such as "Equals"), and either a selection from the available data sources, or a manually entered value.
Once all conditions have been entered click "Done", and you will be returned to the report builder.
If this feature is enabled, the report can be scheduled to execute automatically based the schedule that has been built using the "Schedule builder" (the schedule builder is the same builder used to schedule tasks).
Report scheduling can be by clicking on the pencil icon against the prompt "Query Statement", a new window will then open titled "Conditions – View";
Configuration of the Report's Output
If the "Configure Output" button is pressed, a new window will open titled "Report Output";
Saving a report created from the report template
Once the report has been named, the query statement built, schedule setting selected and the output configurations settled on you can save the new report by clicking "Save".
The generated report will list all users, and detail how many tokens are being used by each user.
Once the new report is saved the report design will be added to the list of designed reports in the tab "Reports",