Conversation
...t/en/docs/deployment/general/contract-management/user-metering/implementing-user-metering.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
| ### Key Features | ||
|
|
||
| * Automatic tracking – User consumption is automatically tracked from the moment your app is deployed to production and becomes functional, ensuring real-time tracking. | ||
| * Monthly reporting – Usage data is collected regularly, processed monthly, and is available in the Control Center. |
There was a problem hiding this comment.
As per my previous comment - maybe not yet in Control Center - 2nd PR?
There was a problem hiding this comment.
We should remove reference to Control Center in this section.
Irrespective of the control center visibility, we do data collection, processing and deduplication
There was a problem hiding this comment.
What about - Prompt data processing: Usage data is collected, processed, and deduplicated regularly. I can keep the original sentence again when the Usage data PR is available.
There was a problem hiding this comment.
Or should I remove the point completely?
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
| * Application-level visibility – you get the detailed insights into named user counts for each application, helping you to identify optimization opportunities. | ||
| * License type classification – Users are classified by license type as External, Multi-App Internal, or Single-App Internal. This classification gives you accurate license tracking and helps optimize licensing costs. | ||
| * Historical data – User metering provides you with access to usage data for all months since user metering was enabled. | ||
|
|
There was a problem hiding this comment.
Maybe the remark about deployments should be added here.
"End-user metering is currently applied to applications deployed to Mendix Cloud and Mendix Cloud Dedicated environments."
There was a problem hiding this comment.
historical data section is also relevant for control center.
There was a problem hiding this comment.
@JaapF, do you mean to add the remark about deployments under the Key features section as a new bullet?
There was a problem hiding this comment.
It does sound like a limitation, not a Key Feature. I may be wrong.
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
| ## How User Aggregation and Deduplication Work | ||
|
|
||
| The user aggregation and deduplication process determines which user pack is consumed when a user accesses one or more of your applications. The process evaluates users in a sequence so that each user is counted according to the correct license pack without duplication. The classification follows the steps below: | ||
|
|
There was a problem hiding this comment.
The headings says "deduplication" but the contents don't say anything about deduplication. I think it should be added as a first step.
Suggestion:
"Users are deduplicated based on common identifier values. A real-life person who has different identifier values in the aggregated data cannot be recognized as same user, so will be counted as multiple users. The deduplication mechanism evaluates 2 user attributes, see [section xyz]" (the section where we talk about system.user.name and userCommons.nameduseridentifier.value, etc,..
There was a problem hiding this comment.
If deduplication is the 1st step, should I change the heading to: How deduplication and user classification work? @JaapF
|
|
||
| Once classified, the user is licensed under the External User Pack and excluded from further classification steps. For more information, see the [User classification](/developerportal/deploy/implementing-user-metering/#user-classification) section of *Implementing Metering*. | ||
|
|
||
| All remaining users are classified as `Internal` Users and further classified as described in the sections below. |
There was a problem hiding this comment.
Let's add:
"A multi-app user that is marked as internal in one app and is marked as external in another app will be counted as an internal user."
There was a problem hiding this comment.
@JaapF I'd say this is internal logic. Why do we want to write it here and confuse the audience?
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/faq.md
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
content/en/docs/deployment/general/contract-management/user-metering/_index.md
Outdated
Show resolved
Hide resolved
| ### Choosing a Cross-App User Identifier: | ||
|
|
||
| User metering may not have been considered when your application was originally designed. As a result, different applications may store different identifier values for the same multi-app user in the `system.user.name`. Additionally, all apps in your portfolio may use different user-provisioning logic. Some apps use standard identity modules (Administration, SAML, OIDC SSO, SCIM, or LDAP) while others rely on proprietary modules or app logic to create users. This can lead to inconsistent identifiers. | ||
| Even when all apps use the same solution, for example, OIDC SSO, the technical identifier value for a multi-app user may still differ. |
There was a problem hiding this comment.
@JaapF @Karuna-Mendix the whole section somehow sounds very apologetic and guessing why you could have done it wrong. Documentation should be more directive IMO.
We ought to be first telling - "you are supposed to do xyz... ". These usecases when a customer might have done it wrong might be best suited for a Q&A or FAQ IMO.
What do you think?
There was a problem hiding this comment.
Hi @satyammx @JaapF, I tried asking Siemens GPT to improve the current section for a more directive tone. It showed the following revision to the text. Let me know if you find it useful.
Guidelines for Unique User Identification (Deduplication)
Mendix offers multi-app user licenses, which allow a single user to access multiple applications while being counted only once for metering purposes. This applies to both internal and external users. Accurate user metering and correct multi-app user deduplication depend critically on consistent user identification across all your applications.
To ensure unique multi-app users are correctly identified and metered, you must maintain a consistent user identifier across all relevant applications.
The Mendix metering mechanism uses the UserCommons.namedUserIdentifier.value attribute as the primary user identifier. If this attribute is not available or populated, it falls back to system.user.name. For a detailed overview of relevant entities and attributes, refer to the "Domain Model Entities" section.
Key Requirements for Multi-App User Identification:
Consistent Identifier Value: The same value for a given multi-app user must be stored in the chosen identifier attribute (UserCommons.namedUserIdentifier.value or system.user.name) across all applications that user accesses. Inconsistent values will result in the user being counted as multiple distinct users.
Best Practices for Choosing and Implementing a Cross-App User Identifier:
User identification strategies can vary across application portfolios, especially if applications were developed independently or use different provisioning methods. Consider the following guidelines to establish a robust and consistent identification strategy:
-
Prioritize UserCommons.namedUserIdentifier.value: Always aim to use and populate UserCommons.namedUserIdentifier.value for user identification. This provides a dedicated field for metering purposes and offers flexibility regardless of the system.user.name value.
-
Use a Stable, Globally Unique Identifier: Select an identifier that is stable and consistently unique across your entire user base and application portfolio.
- Recommended: User's Email Address: Mendix strongly recommends storing the user's email address in UserCommons.namedUserIdentifier.value. This is typically a stable and globally unique identifier that users are familiar with.
- Handling Case Sensitivity: If using email addresses or other text-based identifiers, always store these values in lowercase to prevent metering issues due to case sensitivity. The system.user.name attribute is case-sensitive by design. Mendix's standard SAML, OIDC SSO, and SCIM modules already apply this for email claims received from Identity Providers (IdPs).
-
Address Pairwise Identifiers (e.g., OIDC sub claim): Some identity providers (like Microsoft Entra ID's OIDC sub claim) generate "pairwise" identifiers, which are unique per application for the same user. This is designed to prevent correlation across different service providers but will lead to incorrect multi-app metering within your portfolio.
Solution for Microsoft Entra ID: If using the OIDC SSO module with Microsoft Entra ID, configure your application to store the oid claim (which contains Entra ID's user object ID) in system.user.name. The oid claim provides a consistent identifier for a multi-app user across all applications. -
Integrating with Existing Application Logic: If your current applications use varying system.user.name values or different provisioning methods, you can implement UserCommons.namedUserIdentifier.value without altering existing logic.
Strategy: Continue using your existing application logic for system.user.name if necessary, but additionally implement logic to populate UserCommons.namedUserIdentifier.value with your chosen consistent cross-app identifier (e.g., email address or oid claim). This ensures the metering mechanism has a reliable, consistent identifier to use.
For more information on user types and definitions, refer to the "User Types and Definitions" section.
| Even if all your apps are using the same user onboarding (provisioning) logic, this does not guarantee a user gets the same (technical) identifier value in all your applications. | ||
| The OpenID Connect specifications incorporate the concept of [pairwise user identifiers](https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg). The general idea of pairwise identifiers is to prevent user correlation across apps owned by different service providers. A user gets a different value in each app when using pairwise user identifiers. | ||
|
|
||
| Mendix recommends storing the user’s email address in the `UserCommons.NamedUserIdentifier.value`; this ensures usage of a pairwise unique identifier in the `system.user.name` does not affect metering. |
There was a problem hiding this comment.
@JaapF Since we do not support UserCommons.Nam.... yet from a User Metering perspective, is it wise to call this out OR should we skip?
| ### Keeping the Existing Logic and Extending | ||
|
|
||
| If your apps are not consistently storing the same identifier for a multi-app user in `system.user.name`, you can start using a new user attribute, new `UserCommons.namedUserIdentifier.value`.You can keep the existing application logic as it is, and in addition, store the selected user identifier value for a multi-app user in this new attribute. | ||
| If your apps are not consistently storing the same identifier for a multi-app user in `system.user.name`, you can start using a new user attribute, a new `UserCommons.namedUserIdentifier.value`.You can keep the existing application logic as it is, and in addition, store the selected user identifier value for a multi-app user in this new attribute. |
There was a problem hiding this comment.
@JaapF - this is not a supported entity from a User Metering perspective yet. Will lead to loss of usage data, if csutomers start implementing it.
How do you propose we move forward, considering supporting this additional attribute is not foreseen in the short term.
...t/en/docs/deployment/general/contract-management/user-metering/implementing-user-metering.md
Outdated
Show resolved
Hide resolved
| 1. `User`: Every Mendix app has a system module containing an entity `User`. | ||
|
|
||
| * `system.user.name`: This field is used to identify users, unless a UserCommons.namedUserIdentifier.value is available for the same user. | ||
| * `system.user.name`: This field is used to identify users, unless a `UserCommons.namedUserIdentifier.value` is available for the same user. |
There was a problem hiding this comment.
@JaapF @Karuna-Mendix
UserCommons.namedUserIdentifier.value
should we refer to this attricbute since this is not yet supported by the Metering sidecar and the metering stack overall?
3 participants
https://mendix.atlassian.net/browse/TW-2769