This topic contains information about the Remote Access license, which determines who can authenticate to your tenants through Remote Access and for how long. For information about renewing or extending your CyberArk Remote Access license, contact your CyberArk account representative.

View license details

License details are displayed in the Remote Access portal. Tenant admins can view these details in their user's drop-down profile.


The Remote Access license for each tenant specifies the following information.



Subscriptions in use

The total number of licenses than can be used in your Remote Access tenant during the license validity period, and the percentage of that number currently in use by both users and Vendors.

You can also see a breakdown of the users and Vendors in your subscription, and the limits for each:

  • Users - The number of users

  • Vendors - The number of Vendors and how many of total licenses can be used for Vendor users.

  • Monthly active Vendors - The number of active Vendors during the current calendar month, and how many Vendors can log in during the calendar month.


The number of Remote Access sessions permitted during the current calendar month, and the used percentage of that number. This is updated hourly from your first sign in.

Expiration date/days remaining

The date when your Remote Access license expires, and the number of days you have to renew it until then.

If any of these details are set to 'unlimited' in your tenant license, that line is not displayed in the user drop-down menu.

Expiration warnings

When 90% of the access permitted by your license is used, an orange warning triangle appears in your license details. After 100% of the access has been used, a red warning triangle appears.

Make sure you renew your license before it expires, to ensure seamless connectivity and continuity.

License consumption

Remote Access users consume a Remote Access license when they are created in Remote Access. Similarly, Remote Access Vendor users who have a corresponding user in the CyberArk Vault consume a PAM - Self-Hosted license. When the user does not have an account in the Vault, they do not consume a PAM - Self-Hosted license.

If you have a Vendors monthly access license, the amount of Vendors that can access PAM - Self-Hosted in a monthly period, out of your total Vendor users, is determined by an amount set by Admin . When a Vendor user is created in Remote Access, a Remote Access license is consumed and only when the Vendor accesses PAM - Self-Hosted, a monthly license is consumed.

In addition, Remote Access users do not consume a PAM - Self-Hosted license when their status is any of the following:

  • Before timeframe

  • Awaiting confirmation

  • Deactivated

  • Expired

The following example describes a scenario of Remote Access/PAM - Self-Hosted license consumption.

When a Vendor user is created in Remote Access, a license is consumed only in Remote Access. Immediately after the user connects for the first time to PAM - Self-Hosted, VendorLDAP and Vault users are created for this Remote Access user and a PAM - Self-Hosted license is consumed.

  • When you delete a Remote Access user, the corresponding users in the Vault and the VendorLDAP directory are automatically deleted.

  • When you deactivate a user, it is automatically deleted from the VendorLDAP directory. Twenty four (24) hours later, this user is also deleted from the Vault.

  • Users who can only access Remote Access for a specific time-frame are automatically deactivated 24 hours after that time-frame expires, and their corresponding users in the Vault and the VendorLDAP directory are deleted.