Skip to main content

This article applies to Cloud.

Available in:

StandardPremiumEnterprise
Small Business
Code42 Support

How to configure provisioning

This article applies to Cloud.

Available in:

StandardPremiumEnterprise
Small Business

Overview

Provisioning allows you to automatically manage users in your cloud Code42 environment. Once enabled, Code42 creates new users, removes deactivated users, and updates user roles and permissions based on syncs with your provisioning provider. This article explains how to configure provisioning. 

To learn more about provisioning concepts, see our introduction to provisioning article. If Okta is your provisioning provider, learn how to set up your provisioning here

Code42 User Directory Sync
Code42 User Directory Sync is another option for automating user management, similar to SCIM provisioning. However, Code42 User Directory Sync has different requirements and a different setup process.

This article does not describe how to configure Code42 User Directory Sync. To set up and use Code42 User Directory Sync, you must contact your Customer Success Manager (CSM) for enterprise support at csmsupport@code42.com.

Considerations

The Code42 provisioning feature requires you to connect a third-party provisioning provider to Code42. The following are the basic requirements that your provider and your Code42 environment need to meet to integrate correctly:

  • Cloud Code42 environment: Provisioning is only available in cloud Code42 environments.
  • SCIM 2.0: Code42 requires a provisioning provider to use the SCIM 2.0 protocol. 
  • SCIM groups: The custom SCIM mapping and role mapping require that your provider uses SCIM groups. Other provisioning features are available without SCIM groups.

Before you begin 

Determine how you want to map users from the provisioning provider to Code42 organizations. To learn more, see our introduction to provisioning article. There are 4 ways to map users to a Code42 organization: 

Map all users to a Code42 organization

Assigns all users to the same Code42 organization. If you choose this option, create organizations in the administration console before you begin.

Example use case
Use this option if you manage users in the administration console. For example, all users that are provisioned from the provisioning provider are added to the same organization. You can then move the users from that single organization to additional organizations in the administration console. 

Map all users to organizations based on the provider's "c42OrgName" attribute  

Creates new organizations or assigns users to existing organizations based on the value for the user attribute c42OrgName. This value becomes the name for the Code42 org. This attribute is managed on the provisioning provider. 

Example use case
Use this method if you wish to manage users in the provisioning provider (and not in the administration console). Whatever is the value for this attribute becomes the name for the Code42 org. Code42 creates new organizations or assigns users to existing organizations based on the value. 

Map all users to organizations based on an existing provider SCIM attribute

Creates new organizations or assigns users to existing organizations based on the value for the chosen user attribute. For example, if you want to set up your Code42 organizations by office location, create an office attribute from the provisioning provider user profile. The value of the attribute becomes the name of the organization. 

Example use case
Use this method if you already have an attribute included in the provisioning provider user profile that you wish to use for organization mapping. For example, say you want to set up your Code42 organizations by office location. You create an office attribute. Whatever is the value of the office attribute becomes the name of the organization. 

Map users to organizations using SCIM groups

Assigns users to Code42 organizations based on their SCIM group. If you choose this option, create organizations in the administration console before you begin.

Example use case
Use this mapping if your users are already assigned to SCIM groups. For example, a user is part of a two different SCIM groups: an executive group and a UK group. You want this user's backup policies to match the other executives in your company, so this user should be assigned to the same Code42 organization as the other executives. In the administration console, you can choose the executive group to take priority over the UK group. This way you can place all of the executives in your company in the same organization and ensure they have the same backup policies.

Compare methods

  Automatically creates organizations in Code42 Requires you to create Code42 organizations before you begin Requires your provider to send SCIM groups to Code42
Map all users to a Code42 organization   x  
Map all users to organizations based on the provider's "c42OrgName" attribute x    
Map all users to organizations based on an existing provider SCIM attribute x    
Map users to organizations using SCIM groups   x x

Step 1: Create Code42 organizations 

This step is only required if you choose to use the Single Organization or Custom SCIM mapping methods. The "c42OrgName" attribute and Custom attribute methods create Code42 organizations automatically. 

  1. Sign in to the administration console
  2. Click Organizations, and choose Active. 
    Code42 organizations
  3. Select the Add an organization icon Add an organization button and enter a name. 
    This method adds the organization under the default organization.
  4. To add a child organization
    1. Select the organization. 
    2. Click the action menu Action menu icon in the upper-right corner. 
    3. Choose Add a child organization
  5. Repeat until you have added all of your organizations.

Step 2: Add a provisioning provider in the Code42 administration console

  1. In the administration console, navigate to Settings.
  2. Choose Identity Management
    provisioning provider
  3. Select the Provisioning tab. 
  4. Click Add Provisioning Provider.
  5. Enter a display name and click Next
  6. The Add SCIM Provisioning message appears. Leave this message open. You need this information for the next step in the provisioning provider setup.
    Add SCIM provisioning

Step 3: Configure your provisioning provider

The steps for configuration vary by provisioning provider. See your provider's documentation for more details. When finished obtaining the information from the Add SCIM Provisioning dialog, click Done. The provisioning provider details appear. 
Configure provisioning provider

(Optional) Step 4: Edit deactivation delay

The deactivation delay determines how long Code42 waits to deactivate a user after syncing with the provisioning provider. Although Code42 may be configured to wait, Code42 does immediately block a user once they receive deactivation update from from the provisioning provider. Blocking a user means they can no longer sign in to the Code42 app, but their devices continue to back up. The delay helps prevent accidently deactivating a user and removing their backup archive. Learn more about deactivating a user. In the administration console, view the provisioning provider details. Edit the deactivation delay. 

Step 5: Push SCIM groups to Code42 

Push SCIM groups from the provisioning provider to Code42. See your provider's documentation for more details. If you are not using groups, continue to the next step.

Wait to assign people or groups to the Code42 app in the provisioning provider
Do not assign people to the Code42 app in the provisioning provider yet. Wait until after you have completed the organization mapping and role mapping. If you assign people to the Code42 app before you configure mapping, the users are not automatically mapped to Code42 organizations and roles.  

Step 6: Choose an organization mapping method

The mapping method determines how Code42 assigns users to organizations. Organizations are used to set backup policies and permissions for users in your Code42 environment. To change the method, go to Organization Mapping, and click Add Organization Mapping or the edit icon. 

Organization mapping

The Edit Organization Mapping Method dialog is displayed.
edit organization mapping

In the Edit Organization Mapping Method dialog, choose one of the following mapping methods:

Map all users to a Code42 organization

Assigns all users to the same Code42 organization.

  1. In Edit Organization Mapping Method, choose Single Organization
  2. Select an existing organization to map all users to. 

Map users to organizations based on the provider's "c42OrgName" attribute

Creates new organizations or assigns users to existing organizations based on the value for the user attribute c42OrgName.

  1. In Edit Organization Mapping Method, choose "c42OrgName" attribute
  2. Choose an organization where unmapped users will be assigned. Unmapped users are users who do not have the c42OrgName attribute.  

Map users to organizations based on an existing provider SCIM attribute

Creates new organizations or assigns users to existing organizations based on the value for the chosen user attribute.

  1. In Edit Organization Mapping Method, choose Custom attribute. 
  2. In Enter a SCIM attribute, enter name for an attribute that exists in your provisioning provider's user profiles. 
  3. Choose an organization where unmapped users will be assigned. Unmapped users are user who do not have the custom attribute.  

Map users to organizations using SCIM groups

Assigns users to Code42 organizations based on their SCIM group. You can also choose the priority of which organization a user is mapped to if they belong to two or more groups.

  1. In Edit Organization Mapping Method, choose Custom SCIM mapping. 
  2. Choose an organization where unmapped users will be assigned. Unmapped users are users who either do not belong to a group or their group is not mapped. 
  3. Click Save
    The group mapping appears. 
  4. Click Add Mapping.
  5. Select one or more SCIM groups.
    Add organization mapping
  6. From Select a Code42 organization, choose an organization from the menu. 
  7. Click Save
    The mapping appears on the Provisioning Provider details page. 
  8. Repeat until all of your SCIM groups have been mapped to Code42 organizations. 
    The message All SCIM groups are mapped appears.
    All SCIM groups are mapped
  9. (Optional) Adjust the priority of each mapping. This is useful for users who belong to more than one SCIM group. 

There are no SCIM groups available

This message appears if SCIM groups have not been synced with the administration console. Push groups to the administration console to begin organization mapping. 

Wait to assign people or groups to the Code42 app in the provisioning provider
Do not assign people to the Code42 app in the provisioning provider yet. Wait until after you have completed the organization mapping and role mapping. If you assign people to the Code42 app before you configure mapping, the users are not automatically mapped to Code42 organizations and roles.  

Step 7: Configure Role Mapping

Role mapping allows you to automatically assign Code42 roles and permissions to provisioned users based on their SCIM group. Learn more about Code42 roles and permissions. Users who are not mapped inherit the default roles for their organization. 

SCIM Groups
Role Mapping is only available if you are using SCIM groups. 
  1. Click Add Role Mapping
  2. Select a SCIM group from the dropdown. 
    Only groups that have not been mapped appear in the dropdown.
    Add role mapping
  3. Choose one or more roles from the list to apply to this SCIM group. Learn more about Code42 roles and permissions.
Basic Code42 Roles 
We recommend including the roles Desktop User and PROe User for all users who are backing up their computers to Code42. These roles allow users to sign in to the Code42 app and administration console. If you are giving external groups access to your Code42 environment (for example, outside legal council) they do not need these roles. 
  1. Click Add
    The role mapping appears under the provisioning provider detail. 
  2. Repeat until all of your SCIM groups have been mapped to Code42 organizations. 
    The message All SCIM groups are mapped appears. 

There are no SCIM groups available

This message appears if SCIM groups have not been synced with the administration console. Push groups to the administration console to begin role mapping. 

Wait to assign people or groups to the Code42 app in the provisioning provider
Do not assign people to the Code42 app in the provisioning provider yet. Wait until after you have completed the organization mapping and role mapping. If you assign people to the Code42 app before you configure mapping, the users are not automatically mapped to Code42 organizations and roles.  

Step 8: Assign the Code42 app users or groups in the provisioning provider

Users will not appear in Code42 until you assign them to the Code42 app in your provisioning provider. We recommend creating a test user, and assigning the Code42 app to the test user before assigning the app to all of the groups. Once you assign the Code42 app to a group or user, the provisioning provider immediately syncs with Code42 and provisions the users.

See your provider's documentation for more information about assigning apps to users and groups. 

Troubleshooting

Tips for troubleshooting provisioning: 

  • Once provisioning is configured in Code42, you should make all user changes in the provisioning provider. Code42 does not make changes to the provisioning provider, so any changes made on the Code42 side causes the two apps to become out-of-sync. 
  • Updating the administration console does not start a sync between the provisioning provider and Code42. Only changes made in the provisioning provider can start a sync. 
  • To view more information about provisioning changes and logs, see the Sync Log in the administration console. This gives details of all of the users that have been created, updated, or deleted due to provisioning. 
Need more help?
Contact our Customer Champions​ for Code42 for Enterprise support
  • Was this article helpful?