Deployment policies reference

Overview

Configure deployment packages that install Code42 apps on your users' devices according to your specifications. Integrate your apps with SSO, for example, and install silently, without user intervention. This article describes each element of the Deployment Policies interface.

Considerations

This article assumes you understand the introduction to deployment provided by the article Prepare to deploy Code42 client apps.

These instructions apply to the Code42 cloud. If you work in an on-premises Code42 environment, see Manage app installations in your Code42 environment.
To use these deployment tools, you need to sign in to your Code42 console as a user with the Customer Cloud Admin role.
In the Code42 federal environment, app installations must be deployed with a deployment policy to ensure the use of FIPS encryption in the Code42 app. Users cannot download the installation package from the Code42 console or an email message.

Deployment policies

To view and manage deployment policies:

Sign in to the Code42 console.
Select Administration > Client Management > Deployment.

If your Code42 environment does not yet have any deployment policies, you see the option to Create New Deployment Policy. If your environment already has one or more policies, you see the Deployment Policies list.

Deployment policies list

Item		Description
a	Create New Policy	Open the interface for defining a new Code42 app deployment policy.
b	Policy name	The name of the policy. Click to see policy details.
c	Created On	The date the policy was created.
d	Created By	The username of the administrator who created the policy.
e	Registration Org	Code42 apps deployed with this policy register with this organization. The organization determines the authentication method and optional proxy address for the policy. If you deactivate an organization, the associated policy will not work. The policy list displays an alert to say so.
f	Edit Policy	Allows you to view and change details of the policy.
g	Delete Policy	Removes the policy from your Code42 environment. Code42 apps deployed to use that policy, but not yet run and installed, will fail to install.

Policy details

In the Deployment Policies list, click a policy name to see details about the policy.

Deployment policy details

Item		Description
a	Policy name	The name of the policy.
b	Edit Policy	Change details of the policy.
c	Registration Org	Code42 apps deployed with this policy register with this organization. If your custom script specifies a value for `C42_ORG_REG_KEY`, only users not covered by the script register to this organization. The organization determines the authentication method and optional proxy address for the policy.
d	Authentication	The method the registration organization uses to validate the usernames and passwords entered by users in the Code42 app. Local: Username and passwords are defined in the Code42 console SSO (<provider name>): Usernames and passwords are defined in SSO provider data.
e	Auto Register Users	No: Users must manually sign in to the Code42 app to start security monitoring and backup. You have two options: Advise users to self-register by clicking Sign up in the Code42 app. Create user accounts and provide the credentials to users. Yes: The username is determined by the deployment policy's detection script. The Code42 app authenticates with SSO. Security monitoring and backup begins automatically, provided the destination is set to auto-start.
f	Windows Script Mac Script Linux Script	Defines how the Code42 app detects the username, user home directory, and optionally, the user's organization. Scripts differ by operating systems. Code42 cloud environments must use a custom script. See Add a custom script description in the next section for more details.
g	Use Org Proxy URL to connect?	Yes: The Registration Org requires Code42 apps to communicate through a proxy server. To see the URL of an organization's proxy auto-config (PAC) file, go to Organizations > [select an organization] > Action menu > Device Backup Defaults > Network > Proxy. No: Code42 apps communicate with the Code42 cloud directly.
h	Launch desktop app after install?	Yes: After installation on a Windows or Mac device, the Code42 app opens for the user to see and use. Not applicable on Linux. No: The Code42 app does not show until the user manually opens the app.
i	Last Modified	The date the policy was last saved.
j	Created On Created By	The date the policy was created. The username of the administrator who created the policy.
k	Installation properties	These strings provide arguments for a command that installs a Code42 app. Use them in your device management tool or installation scripts. See Deployment script and command reference for more details.
l	Generate new token	Give the policy a new identifier string. Generate a new token if you suspect unauthorized use of the deployment policy. Any Code42 apps previously deployed with the policy, and not yet installed, will fail to install. You will need to install them with the new, active, deployment token.

Create or edit deployment policy

In the Deployment Policy view, select Create New Policy or Edit Policy.

Create New Deployment Policy form

Item		Description
a	Policy Name	Enter a name to describe and identify this policy.
b	The deployment policy determines the user's organization	Determines the user's organization. If your custom script specifies a value for `C42_ORG_REG_KEY` (see item g below), only users not covered by the script register to this organization. Users register according to the authentication method and directory services configured for their organization. If an organization already has another deployment policy, it is dimmed in the dropdown and cannot be selected. Choose a different organization, or edit the existing policy for that organization.
c	Authentication Method	The Code42 app uses the authentication method defined for the user's organization. Local: Username and passwords are defined in the Code42 console. SSO (<provider name>): Usernames and passwords are defined in SSO provider data.
d	Do you want to automatically register users?	No: Users must manually sign in to the Code42 app to start security monitoring and backup. You have two options: Advise users to self-register by clicking Sign up in the Code42 app interface. Create user accounts and provide the credentials to users. Yes: The username is determined by the deployment policy's detection script. The Code42 app authenticates with SSO. Security monitoring and backup begins automatically, provided the destination is set to auto-start.
e	Which operating systems should use this policy when installing the client?	Determines which operating systems use this policy during Code42 app deployment.
f	User detection method	Determines how the Code42 app detects the username, user home directory, and optionally, the user's organization. Use default script for detecting username and user home: Not applicable. Code42 cloud environments must use a custom script. Add a custom bash script for detecting username, user home, and organization: Uses your custom script to define how the username, user home directory, and the user's organization are determined. Require users to manually enter their usernames The main purpose of selecting operating systems in this section is to generate the appropriate scripts to automatically detect the username during Code42 app installation. To require users to manually enter their usernames, do not select any operating systems. By leaving all operating systems blank, a deployment policy is still created, but there is no user detection script. As a result, users must enter their usernames to complete the installation process on their device. The server address is still automatically populated for users by the deployment policy.
g	Add a custom script	Specifies how to determine the username and home directory for each device. All custom scripts must end by writing the `C42_USERNAME` and `C42_USER_HOME` variables to standard output (see below). `C42_ORG_REG_KEY` can also be included to define the organization, but this is optional. If `C42_ORG_REG_KEY` is not present, the Code42 app uses the default organization selected for this deployment policy. echo C42_USERNAME=<value>; echo C42_USER_HOME=<value>; echo C42_ORG_REG_KEY=<value>; Usernames must be email addresses. To specify an organization, use the registration key. For more details about customizing scripts, see Deployment script and command reference. For assistance with custom scripts, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.
h	Do your clients need a proxy URL to connect to your Code42 authority?	No: Code42 apps communicate with the Code42 cloud directly. Yes: The Registration Org requires Code42 apps to communicate through a proxy server. To see the URL of an organization's proxy auto-config (PAC) file, go to Organizations > [select an organization] > Action menu > Device Backup Defaults > Network > Proxy.
i	Launch desktop app after initial install?	Yes: After installation on a Windows or Mac device, the Code42 app opens for the user to see and use. Not applicable on Linux. No: The Code42 app does not show until the user manually opens it.

Policy saved

When you save a newly defined or edited policy, the Policy Saved dialog appears.

Deployment policy saved

Item	Description
a	Installation properties	Use these strings as arguments to a command that installs a Code42 app. Click to copy and download the properties now, or access them later from the policy details view.
b	Done	Close the dialog and return to the Deployment Policies list.

Item

Description

a

Installation properties

Use these strings as arguments to a command that installs a Code42 app.

Click to copy and download the properties now, or access them later from the policy details view.

b

Done

Close the dialog and return to the Deployment Policies list.

Authentication mismatch

Authentication mismatch message

Mismatches occur when you:

Define an organization to use SSO authentication.
Assign that organization a deployment policy with auto-registration.
Edit the organization to use local authentication.

The policy becomes invalid because the organization can no longer support auto-registration.

The solution is to reconfigure the organization or edit the policy.