The Crowd license user count is based on the number of users who will log in to applications integrated with Crowd. Generally, that would be users that are members of the "Who can authenticate" groups. Additionally, in the directory list for an application (e.g., Confluence: Crowd console -> Applications -> Confluence -> Directories), if "Allow all users from this directory to authenticate" option is checked, Crowd will count all the users in the directory.

If a user with the same username exists in multiple directories he or she will only be counted once (this was introduced in Crowd 2.11) 

Reducing User Count

To get your user count, the following guidelines may be helpful:

• We recommend that you allow only particular groups to log in to each application, rather than entire directories. 

• If you're using an LDAP directory, you can use filters to restrict the scope of the LDAP search. The best option would be to use filters based on Group Memberships. For example:

  (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=jira-users,OU=Sydney,DC=example,DC=com))
  

• Note that a mapped application can "see" all users in a directory, even if not all of them can log in to the application. For example, a Human Resources application might be mapped to your entire Active Directory server, but only the HR group is allowed to log in to the application.

Once you've reduced the number of users below your license limit, you can reapply your commercial license key.