This article describes multiple strategies for deploying Code42 apps to user devices. You can integrate your apps with SSO, for example, or use LDAP to install silently, without user intervention. The article is intended for server administrators using device management tools like SCCM for Windows or Jamf Pro for Mac. This article provides:
- Introduction to Code42 app deployment and description of how it works in general.
- Recommendations and links to help you with specific environments and specific deployment strategies.
These instructions apply to administrators deploying Code42 apps version 6.5 or later with on-premises authority servers version 6.5 or later. If you are using older servers or clients, select the appropriate instructions from Manage app installations in your Code42 environment.
To use these deployment tools, you need to sign in to your Code42 console as a user with one of these roles:
Before you begin
Creating and using Code42 deployment policies requires familiarity with:
- Creation and configuration of organizations in your Code42 environment.
- The authentication methods that your organizations use to manage users.
- The process you use to distribute and install applications to user devices (typically a device management tool like SCCM for Windows or Jamf Pro for Mac).
How deployment works
Before selecting and configuring a deployment option, it helps to understand how deployment works end to end:
- You define a deployment policy in the Code42 console.
- From the policy view in the console, you copy the arguments for a Code42 app installer command.
- You paste or import those install arguments into your device management software and push them to devices, along with Code42 app executables.
- When install commands run on user devices, Code42 apps retrieve your policy from your Code42 authority server.
If the Code42 app fails to connect to the authority server and find the policy, it will retry every 5 minutes until it succeeds or a user explicitly stops the process.
- Code42 apps run your policy's detection script in order to determine usernames and home directories. In version 8.2.5 and later, the detection script can also optionally specify the organization.
- When a policy is configured to automatically register users, Code42 apps start security monitoring and backing up data without user intervention. Otherwise, users manually authenticate and register.
If automatic registration fails for any reason, the Code42 app retries every hour. It retrieves the policy again and tries to register again, until it succeeds or a user explicitly stops the process.
As a security measure, you can disable a deployment policy at any time by generating a new deployment token. The policy definition remains intact, but Code42 apps actively making requests for this policy can no longer use the policy. You must uninstall and reinstall the Code42 app with the new deployment token to enable devices to register with this policy.
Step 1: Configure your server
On-premises Code42 environments only. Does not apply if you use the authority server in the Code42 cloud.
Install an SSL certificate
Your environment must support secure client-server communications. We recommend you provide your authority server with an SSL certificate signed by a certificate authority (CA).
Note: In the default configuration, your authority server uses a self-signed certificate, and your deployment policies will provide an SSL_WHITELIST argument. Including the argument in your install commands tells clients that they can trust that self-signed certificate.
Verify that apps can connect to server by HTTPS
User devices must be able to reach your Code42 console by the HTTPS protocol. Check your authority server's protocol and port configuration:
- In the Code42 console, see Administration > Settings > Server > Website protocol, host, and port.
- The URL must begin with https://
- The final digits are the port number. The default value is 4285.
- Your firewalls must allow client requests to reach the authority server at that port.
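The checks in Step 1 can be run from a test device before you push installers. The script below is an added example, not Code42 code: it validates the console URL, then connects as a device would and reports whether the certificate is trusted by the system trust store. The host name authority.example.com and the function names are assumptions made for illustration.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit


def check_console_url(url):
    """Validate the console's 'Website protocol, host, and port' value."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("URL must begin with https://")
    if not parts.hostname:
        problems.append("URL has no host")
    try:
        port = parts.port or 443  # no explicit port means the HTTPS standard port
    except ValueError:
        port = None
        problems.append("port is not a valid number")
    return parts.hostname, port, problems


def probe_tls(host, port, timeout=5.0):
    """Connect as a device would; verify the certificate against the system trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "trusted"
    except ssl.SSLCertVerificationError as exc:  # e.g. the default self-signed certificate
        return "untrusted: " + exc.verify_message
    except OSError as exc:  # refused, timed out, DNS failure, blocked by a firewall
        return "unreachable: " + str(exc)


def preflight(url, probe=probe_tls):
    """Return a list of findings; an empty list means devices should be able to connect."""
    host, port, problems = check_console_url(url)
    if problems:
        return problems
    result = probe(host, port)
    if result.startswith("untrusted"):
        return [result + "; use a CA-signed certificate or keep the policy's SSL_WHITELIST argument"]
    if result.startswith("unreachable"):
        return [result + "; check firewalls between devices and the authority server"]
    return []


if __name__ == "__main__":
    # Constructed placeholder; pass your own console URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://authority.example.com:4285"
    print(preflight(target) or "OK")
```

An "untrusted" finding is expected with the default self-signed certificate; it confirms that install commands for that server depend on the SSL_WHITELIST argument supplied by the deployment policy.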
Step 2: Configure an organization
- The organization's authentication method is the policy's authentication method.
- When deployed Code42 apps install, users and devices become members of that organization. But Code42 environments using LDAP and LDAP scripting can redirect users and devices to other organizations.
- An organization has one deployment policy only. Child organizations do not inherit their parents' policies.
- In version 6.5 - 7.x, a policy applies to one organization only.
- In version 8.2.5 and later, a policy can optionally apply to multiple organizations.
- Custom images and texts for Code42 apps also belong to organizations. You can define customizations before or after deployment.
Once an organization has a deployment policy, changing the organization's authentication method can easily break the policy. See Deployment policies reference.
Step 3: Select a deployment option
The deployment options available vary with your Code42 environment's configuration:
- Whether you authenticate users with LDAP, SSO, or local authentication.
- Whether and how the deployment's username detection script matches usernames at devices with usernames in your authentication data.
Following are the most common deployment options.
Silent registration with LDAP
New Code42 apps register automatically via LDAP and start backups without user intervention. Use this option with:
- LDAP directory services
The deployment's username detection script:
- Matches usernames at devices with usernames in LDAP data.
- If there is no match, the deployment fails.
To create the deployment, see the instructions in Deploy Code42 apps silently with LDAP.
Silent registration with SSO
New Code42 apps register automatically via SSO and start security monitoring and backups without user intervention. Use this option with:
- SSO authentication and local directory services
The deployment's username detection script:
- Matches usernames at devices with usernames in SSO data.
- If there is no match, Code42 apps may nonetheless sign in to your Code42 environment and begin backups. But users will not be able to sign in and restore backed up data.
To create the deployment, see the instructions in Deploy Code42 apps silently with SSO.
Silent registration with local authentication
New Code42 apps register automatically and start backups without user intervention.
- Use this option with local authentication (authentication by the Code42 authority server).
- You must customize your deployment's username detection script to provide Code42 usernames as email addresses.
- Code42 passwords are hidden. If a user wants access to the Code42 app or the Code42 console, an administrator must reset that user's password.
To create the deployment, see the instructions in Deploy Code42 apps silently with local authentication.
Require users to manually sign in to the Code42 app. Use this option with:
- Local authentication and user-defined names and passwords
- SSO or LDAP authentication
To create the deployment, see the instructions in Deploy Code42 apps for manual sign on.
Before deploying Code42 apps to production devices, always test your entire process and all its scripts and files.
- At your Code42 console, create at least one test organization.
- Add several test users to that organization.
- Connect test devices for those users to the network that includes your Code42 environment.
- Deploy Code42 apps to the test devices and make sure they work as intended.