Engineering teams run on specialty software from Autodesk, Bentley, Dassault Systèmes, and dozens of other vendors. The licenses of these applications are expensive, and the cost of mismanagement is real. Consider an example where a senior engineer on the morning shift gets blocked from a premium seat because their junior colleague forgot to check it out the previous evening. That is money left on the table, and also the problem OpenLM License Access Control (LAC) was built to solve.
“License governance isn’t just about visibility. It’s about making the right access happen at the right time, without manual intervention.”
What is OpenLM License Access Control?
LAC transforms license management from passive monitoring into active, policy-driven enforcement. You define the rules — who can use which features, from which workstations, and during which hours. OpenLM compiles those rules into an option file and deploys it directly to your license manager. The license server then enforces them at checkout time.
LAC works across on-premises license managers — including Flexera FlexNet (FLEXlm), DSLS, Reprise RLM, LM-X, and Sentinel RMS — as well as SaaS platforms such as Autodesk Cloud. It integrates with your existing Active Directory or LDAP groups through OpenLM’s User/Group Service (UGS), so you don’t need to rebuild your user directory from scratch.
Specialty engineering licenses often cost tens of thousands of dollars per seat. Uncontrolled access means junior users can inadvertently lock out senior engineers during critical project windows. LAC gives IT and license administrators a structured way to enforce access policies, without requiring manual intervention or license manager expertise for every change.
What’s new in the latest OpenLM LAC update
The May and June 2026 LAC releases introduce four major improvements. Each one addresses a specific friction point in how engineering organizations manage and enforce license access at scale.
Workstation Agent enforcement
LAC now verifies that a user has an active OpenLM Workstation Agent before allocating a license to them. Users without an active agent are skipped at deployment time — no unauthorized access, no guesswork.
New
Bulk rule creation
You can now select multiple features and multiple user entities in a single rule-creation step. LAC creates one rule per combination automatically, skipping any duplicates with a clear warning.
New
SaaS policy deployment
Scheduled and manual policy deployments now extend to SaaS license managers such as Autodesk Cloud — giving you consistent enforcement across both on-premises and cloud license servers.
Improved
Resilient deployments
A single corrupted user or empty group no longer fails an entire deployment. LAC now skips invalid entities, logs the reason in Deployment History, and completes the rest of the deployment cleanly.
A closer look at each improvement
Workstation Agent enforcement: Active enforcement, not passive observation
This is the most significant capability addition in the current release cycle. Until now, LAC could tell you who was using a license. What it couldn’t do is gate access based on whether a user’s workstation met a baseline requirement.
With Workstation Agent enforcement enabled, LAC checks its Agent Activity Manager before each deployment. If a rule targets an individual user and that user’s workstation doesn’t have an active Workstation Agent installed, the rule is skipped. Group and host rules are always deployed normally; enforcement applies only to individual-user rules (INCLUDE, INCLUDEALL, ALLOW, and RESERVE).
An important distinction: LAC distinguishes between a workstation that is temporarily offline and one that has never had the agent installed. Only the latter triggers a skip. And existing license allocations are not retroactively revoked; enforcement takes effect on the next deployment.
Think of the Workstation Agent like a mandatory security badge for a restricted workspace. An engineer who forgot their badge today (temporarily offline) is a different situation from a contractor who was never issued one (agent not installed). LAC handles both cases differently — quietly deferring the first and flagging the second.
Bulk rule creation: Build your policy in one step, not fifty
In large engineering organizations, a single policy change might affect dozens of user groups across multiple features. Previously, that meant creating rules one at a time — a slow, error-prone process.
The Add Rule wizard now accepts multiple entity selections and multiple feature selections simultaneously. LAC creates one rule per entity–feature combination and automatically skips any duplicates with a warning rather than blocking the entire batch. For teams managing complex feature sets across seniority levels or business units, this dramatically reduces administrative overhead.
SaaS policy deployment: One enforcement model for all your license servers
Engineering software has been migrating to cloud-based subscription models. Tools like Autodesk Cloud operate on named-user permission models rather than traditional option files — a difference that previously required separate management workflows.
LAC now supports both scheduled and manual policy deployments for SaaS license managers. You configure and deploy policies the same way you would for an on-premises FlexLM server; the underlying delivery mechanism adapts automatically. This means your license governance model no longer needs to fork depending on whether the license manager lives on your servers or in the cloud.
Resilient deployments: One bad entity doesn’t break the whole policy
In Active Directory environments, user accounts change. People leave, groups get restructured, and entries go stale. Previously, if a deployment referenced a disabled user or an empty group, the entire deployment failed — blocking access changes for everyone.
LAC now handles this gracefully. Corrupted or invalid entities — disabled users, deleted users, empty groups, disabled groups, deleted groups — are skipped individually. The rest of the deployment proceeds, and every skipped rule is logged in Deployment History with a reason. You can fix the underlying entity and redeploy without starting over.
As a fallback, if Broker encounters a write error, LAC rolls back to the last working option file automatically.
Release timeline
Here’s a summary of what shipped and when.
- New: Workstation Agent enforcement (global toggle in Settings)
- New: Bulk rule creation via multi-select in the Add Rule wizard
- New: Policy deployment support for SaaS license managers (manual and scheduled)
- Improved: Deployments now skip corrupted UGS entities instead of failing entirely; skipped rules surface in Deployment History
- New: Revamped LAC documentation
- Improved: Rules list split into clearer Deployed and Undeployed views
- Improved: Rule history error messages now show detail in a tooltip
- Improved: GraphQL API documentation added
- Fixed: Deployed rules no longer incorrectly moving to Undeployed tab after deployment
- Fixed: Duplicate rules no longer appearing after feature reselection
- Fixed: FlexLM feature now displays correctly after rule type change
Who benefits from these changes
License administrators
Bulk rule creation and resilient deployments reduce the manual effort of maintaining access policies in large organizations. You can configure complex policies faster and trust that a stale AD entry won’t derail your next scheduled deployment.
IT and security teams
Workstation Agent enforcement gives you a concrete, enforceable baseline before a license is allocated. Combined with comprehensive audit logging that includes every granted, denied, and skipped event, you have a clear paper trail for compliance reviews.
Engineering managers
SaaS policy deployment means the same governance model you apply to your on-premises Autodesk or Bentley servers now extends to your cloud subscriptions. Senior engineers get reliable access to the tools they need during critical project windows. That’s less time fighting for seats and more time building.
Frequently asked questions
What is OpenLM License Access Control (LAC)?
OpenLM License Access Control (LAC) is a policy-driven feature within the OpenLM platform that turns license management from passive monitoring into active enforcement. You define rules — which users or groups can access which license features, on which workstations, and during which time windows. LAC compiles those rules into an option file and deploys it to your license manager, which then enforces the policy at checkout time.
LAC also logs every granted, denied, and skipped event, giving you a complete audit trail for compliance and troubleshooting.
What’s new in the latest OpenLM LAC update?
The May and June 2026 releases introduce four major improvements:
- Workstation Agent enforcement: LAC now verifies an active Workstation Agent before allocating licenses to individual users.
- Bulk rule creation: You can select multiple features and multiple entities at once in the Add Rule wizard — LAC creates one rule per combination.
- SaaS policy deployment: Scheduled and manual policy deployments now support SaaS license managers such as Autodesk Cloud.
- Resilient deployments: Corrupted or stale user/group entities are now skipped individually rather than failing the entire deployment.
June 2026 also delivered three bug fixes and improvements to the rules list view, error messaging, and GraphQL API documentation.
Why is License Access Control important?
Specialty engineering licenses — tools like Autodesk, Bentley, and Dassault Systèmes products — carry significant per-seat costs. Without access control, any user can check out any license at any time, which often results in senior engineers being blocked from high-value tools during critical project windows.
LAC gives your organization the ability to enforce access policies automatically: reserving premium features for the right people, scheduling access based on time zones and team schedules, and ensuring that license spend maps to actual business priorities — without requiring manual intervention from IT for every change.
How does OpenLM License Access Control work?
LAC works in three stages: define, deploy, and enforce.
- Define: You create rules (for example, INCLUDE a feature for a specific group) and bundle them into policies with optional schedules.
- Deploy: OpenLM’s Broker compiles your rules into an option file and pushes it to the license server. For SaaS platforms, LAC applies named-user updates directly to the cloud tenant.
- Enforce: The license manager applies the rules at checkout. LAC logs every outcome — granted, denied, or skipped — for audit and troubleshooting.
LAC integrates with your Active Directory or LDAP groups through OpenLM’s User/Group Service, so you work with the user structure you already have.
Which license managers are supported?
LAC supports two categories of license manager:
- On-premises (option file based): Flexera FlexNet (FLEXlm), DSLS, Reprise RLM, LM-X, and Sentinel RMS.
- SaaS (named-user): Autodesk Cloud and LinkedIn Sales Navigator.
Available rule types vary by license manager. LAC surfaces only the rule categories that the selected manager supports — FlexLM, for example, supports INCLUDE, EXCLUDE, RESERVE, MAX, and TIMEOUT directives, while SaaS platforms focus on named-user permissions and reservations.
What are the main improvements in the latest LAC update?
The four standout improvements are Workstation Agent enforcement, bulk rule creation, SaaS policy deployment, and resilient deployment behavior for corrupted entities. Together, these updates reduce manual administrative work, extend enforcement to cloud license servers, and make deployments more reliable in real-world directory environments where user accounts change frequently.
June 2026 also fixed several UI bugs — including deployed rules incorrectly moving to the Undeployed tab, duplicate rules appearing after feature reselection, and FlexLM feature display after rule type changes.
Will existing license allocations be affected when Workstation Agent enforcement is enabled?
No. Enabling Workstation Agent enforcement does not retroactively revoke existing license allocations. Enforcement applies on the next deployment only. This gives you time to confirm that the Workstation Agent is deployed to the relevant user population before enforcement takes effect — avoiding unintended disruptions.
It’s good practice to verify agent deployment across your user base before turning on this setting. Any users without an active agent will be skipped on the next deployment, and the skipped rules will appear in Deployment History with a reason.
How does LAC improve deployment reliability?
LAC now skips individual rules with corrupted or invalid entities — such as disabled users, deleted users, empty groups, disabled groups, or deleted groups — instead of failing the entire deployment. The rest of the deployment proceeds normally, and every skipped rule is logged in Deployment History with a reason code.
Additionally, if Broker encounters a write error during deployment, LAC automatically rolls back to the last working option file. This means a failed deployment doesn’t leave your license server in an inconsistent state.
Does LAC support Active Directory and LDAP integration?
Yes. LAC integrates with Active Directory and LDAP through OpenLM’s User/Group Service (UGS). This means you can target existing AD or LDAP groups directly in your rules without rebuilding your user directory. When group membership changes in your directory, LAC reflects those changes automatically, and an option file reload can be triggered on a schedule or manually.
You can also enable automatic deployments on group changes per asset, so your license policies stay aligned with your directory in near-real time.
Why is the LAC update important for engineering organizations?
Engineering organizations face a specific license management challenge: high-cost, high-demand tools shared across teams with very different usage patterns. A structural engineer and an intern on the same Autodesk subscription shouldn’t have the same access priority during a deadline sprint.
The latest LAC update addresses this at scale. Workstation Agent enforcement ensures only verified workstations receive allocations. SaaS policy deployment extends governance to cloud-based tools. Bulk rule creation reduces the time to configure complex policies. And resilient deployments mean your access policies stay live even when directory data isn’t perfect.
For organizations managing 90+ engineering license managers — across on-premises servers and SaaS platforms — that combination represents a meaningful step forward in software license compliance and license allocation management.
