Deployment policies reference
Overview
Configure deployment packages that install Code42 apps on your users' devices according to your specifications. Integrate your apps with SSO, for example, and install silently, without user intervention. This article describes each element of the Deployment Policies interface.
Considerations
This article assumes you understand the introduction to deployment provided by the article Deploy Code42 apps.
- These instructions apply to the Code42 cloud. If you work in an on-premises Code42 environment, see Manage app installations in your Code42 environment.
- To use these deployment tools, you need to sign in to your Code42 console as a user with the Customer Cloud Admin role.
- In the Code42 federal environment, app installations must be deployed with a deployment policy to ensure the use of FIPS encryption in the Code42 app. Users cannot download the installation package from the Code42 console or an email message.
Incydr Professional and Enterprise
Deployment policies
To view and manage deployment policies:
- Sign in to the Code42 console.
- Select Administration > Agent Management > Deployment.
If your Code42 environment does not yet have any deployment policies, you see the option to Create deployment policy. If your environment already has one or more policies, you see the deployment policies list.
| Item | Description | |
|---|---|---|
| a | Create deployment policy | Open the interface for defining a new Code42 app deployment policy. |
| b | Name | The name of the policy. |
| c | Created | The date the policy was created and the username of the administrator who created the policy. |
| d | Registration organization |
Code42 apps deployed with this policy register with this organization.
The organization determines the authentication method and optional proxy address for the policy.
If you deactivate an organization, the associated policy will not work. |
| e | Organization Status | The status of the registration organization. |
| f | View details  |
Allows you to view and change details of the policy. |
Policy details
In the deployment policies list, click View details 
to see details about the policy.
| Item | Description | |
|---|---|---|
| a | Policy name | The name of the policy. |
| b | Delete | Removes the policy from your Code42 environment. Code42 apps deployed to use that policy, but not yet run and installed, will fail to install. |
| c | Edit |
Change details of the policy. |
| d | Details | The details of the policy. |
| e | Scripts | The user detection scripts for the policy. |
| f | Registration organization |
Code42 apps deployed with this policy register with this organization. If your custom script specifies a value for
The organization determines the authentication method and optional proxy address for the policy. |
| g | Created and Last modified dates | The dates the policy was created and last saved. |
| h | Configured operating systems | The operating systems the policy is configured for (Windows, Mac, or Linux). |
| i | Deployment properties |
Use these strings as arguments to a command that installs a Code42 app:
Click the links to download or copy the properties.
For more information about the DEPLOYMENT_URL and DEPLOYMENT_POLICY_TOKEN, see Deployment script and command reference for Incydr Professional and Enterprise. |
| j | Command-line arguments | These strings provide arguments for a command that installs a Code42 app. Use them in your device management tool or installation scripts. See Deployment script and command reference for Incydr Professional and Enterprise for more details. |
Scripts
In the policy details view, click the Scripts tab. To update the scripts, click Edit.
For information about user detection scripts, see Deployment script and command reference for Incydr Professional and Enterprise.
Create or edit deployment policy
In the Deployment policies view, select Create deployment policy, or in the policy details click Edit.
| Item | Description | |
|---|---|---|
| a | Deployment policy name | Enter a name to describe and identify this policy. |
| b | Registration organization |
Select the organization to use this deployment policy. Users register according to the authentication method and directory services configured for their organization.
If an organization already has another deployment policy, it is excluded from the dropdown list. Choose a different organization, or edit the existing policy for that organization.
If your custom script specifies a value for |
| c | User detection scripts |
Select all operating systems you want to use in your deployment policy, and then enter the custom user detection scripts you want to use for each.
Your custom script defines how the username and the user's organization are determined. A summary of script requirements is listed below, but for complete details about customizing scripts, see Deployment script and command reference for Incydr Professional and Enterprise.
All custom scripts must end by writing the echo C42_USERNAME=<value> echo C42_ORG_REG_KEY=<value>
|
| d | Create | Create the deployment policy. |
Deployment secrets
In the deployment policies view, click Deployment secrets to see available secrets. Deployment Secrets are used in the policy details to authorize the agent and limit the time in which an agent can register.
Every deployment policy must have a deployment secret. A deployment secret can be used by any deployment policy for any organization in the tenant. By default, deployment secrets do not expire for six months. If a secret expires, you can extend it to reactivate it.
As a security measure, you can disable a deployment policy at any time by revoking the deployment secret. The policy definition remains intact, but Code42 apps actively making requests for this policy can no longer use the policy. You can extend the secret to later enable devices to register with the policies that use the secret.
| Item | Description | |
|---|---|---|
| a | Active | Select to show active secrets that can be used in deployment policies. |
| b | Expired |
Select to view secrets that have passed their expiration date or have been revoked. When viewing expired secrets, click Reactivate to reinstate the secret. |
| c | Create deployment secret | Create a new secret that can be used in deployment policies. By default, newly-created secrets do not expire for six months. |
| d | Secret |
The secret's unique string. Secrets appear in the policy's details. A deployment token must always be presented with a secret in the deployment policy. |
| e | Expiration date (UTC) | The date the secret is no longer valid to authorize an agent installation. The time is based on the device’s system clock and reported in Coordinated Universal Time (UTC). |
| f | Extend | Lengthen the amount of time that the secret is active by six months. |
| g | Revoke | Nullify the secret. Revoking the secret prevents registration for clients deployed with the secret that have not yet connected to the Code42 cloud. Clients already registered with the secret are not affected. |
Incydr Basic and Advanced, CrashPlan Cloud, and other plans
Deployment policies
To view and manage deployment policies:
- Sign in to the Code42 console.
- Select Administration > Client Management > Deployment.
If your Code42 environment does not yet have any deployment policies, you see the option to Create New Deployment Policy. If your environment already has one or more policies, you see the Deployment Policies list.
| Item | Description | |
|---|---|---|
| a | Create deployment policy | Define a new Code42 app deployment policy. |
| b | Name | The name of the policy. Click to see policy details. |
| c | Created | The date the policy was created and the username of the administrator who created the policy. |
| d | Registration organization |
Code42 apps deployed with this policy register with this organization.
The organization determines the authentication method and optional proxy address for the policy.
If you deactivate an organization, the associated policy will not work. |
| e | Organization Status | The status of the registration organization. |
| f | View details |
Allows you to view and change details of the policy. |
Policy details
In the Deployment Policies list, click a policy name to see details about the policy.
| Item | Description | |
|---|---|---|
| a | Policy name | The name of the policy. |
| b | Delete | Deletes the policy. Any Code42 apps deployed with this policy that have not yet completed installation will fail to install. |
| c | Edit Policy |
Change details of the policy. |
| d | Details | The details of the deployment policy. |
| e | Scripts | The user detection scripts for the policy. |
| f | Registration organization |
Code42 apps deployed with this policy register with this organization. If your custom script specifies a value for
The organization determines the authentication method and optional proxy address for the policy. |
| g | Authentication |
The method the registration organization uses to validate the usernames and passwords entered by users in the Code42 app.
|
| h | Auto Register Users |
|
| i |
Created and Last modified dates |
The dates the policy was created and last saved. |
| j | Configured operating systems | The operating systems the policy is configured for (Windows, Mac, or Linux). |
| k | Launch desktop app after install |
|
| l | Use organization's proxy URL |
|
| m | Installation properties | These strings provide arguments for a command that installs a Code42 app. Use them in your device management tool or installation scripts. See Deployment script and command reference for Incydr Basic and Advanced, CrashPlan Cloud, and other plans for more details. |
| n | Generate new token |
Give the policy a new identifier string.
|
Create or edit deployment policy
In the Deployment Policy view, select Create New Policy or Edit Policy.
| Item | Description | |
|---|---|---|
| a | Policy Name | Enter a name to describe and identify this policy. |
| b | The deployment policy determines the user's organization |
Determines the user's organization. If your custom script specifies a value for
Users register according to the authentication method and directory services configured for their organization.
If an organization already has another deployment policy, it is dimmed in the dropdown and cannot be selected. Choose a different organization, or edit the existing policy for that organization. |
| c | Authentication Method |
The Code42 app uses the authentication method defined for the user's organization.
|
| d | Do you want to automatically register users? |
|
| e | Which operating systems should use this policy when installing the client? |
Determines which operating systems use this policy during Code42 app deployment. |
| f | Add a custom bash script for detecting username, user home, and organization |
Uses your custom script to define how the username, user home directory, and the user's organization are determined. A summary of script requirements is listed below, but for complete details about customizing scripts, see Deployment script and command reference for Incydr Basic and Advanced, CrashPlan Cloud, and other plans.
All custom scripts must end by writing the echo C42_USERNAME=<value> echo C42_USER_HOME=<value> echo C42_ORG_REG_KEY=<value>
Require users to manually enter their usernames
The main purpose of selecting operating systems in this section is to generate the appropriate scripts to automatically detect the username during Code42 app installation. To require users to manually enter their usernames, do not select any operating systems. By leaving all operating systems blank, a deployment policy is still created, but there is no user detection script. As a result, users must enter their usernames to complete the installation process on their device. The server address is still automatically populated for users by the deployment policy. |
| g | Do your clients need a proxy URL to connect to your Code42 authority? |
|
| h | Launch desktop app after initial install? |
|
Authentication mismatch
Mismatches occur when you:
- Define an organization to use SSO authentication.
- Assign that organization a deployment policy with auto-registration.
- Edit the organization to use local authentication.
The policy becomes invalid because the organization can no longer support auto-registration.
The solution is to reconfigure the organization or edit the policy.