This article describes multiple strategies for deploying Code42 apps to user devices. You can integrate your apps with SSO, for example, without user intervention. The article is intended for administrators using device management tools like SCCM for Windows or Jamf Pro for Mac. This article provides:
- Introduction to Code42 app deployment and description of how it works in general.
- Recommendations and links to help you with specific environments and specific deployment strategies.
These instructions apply to the Code42 cloud. If you work in an on-premises Code42 environment, see Manage app installations in your Code42 environment.
To use these deployment tools, you need to sign in to your administration console as a user with the role:
Before you begin
Creating and using Code42 deployment policies requires familiarity with:
- Creation and configuration of organizations in your Code42 environment.
- The authentication methods that your organizations use to recognize users.
- The process you use to distribute and install applications at user devices, typically a device management tool like SCCM for Windows or Casper Suite for Mac.
How deployment works
Before selecting and configuring a deployment option, it helps to understand how deployment works from end to end:
- You define a deployment policy in the administration console.
- From the policy view in the console, you copy the arguments for a Code42 app installer command.
- You paste or import those install arguments into your device management software and push them to devices, along with Code42 app executables.
- When install commands run on user devices, Code42 apps retrieve your policy from your Code42 cloud instance.
If the Code42 app fails to connect to the Code42 cloud instance and find the policy, it will retry every 5 minutes until it succeeds or a user explicitly stops the process.
- Code42 apps run your policy's detection script in order to learn their device's usernames and home directories.
- When a policy specifies silent deployment, Code42 apps automatically register with your Code42 environment and start backing up data. Otherwise, users manually authenticate and register.
If automatic registration fails for any reason, the Code42 app retries every hour. It retrieves the policy again and tries to register again, until it succeeds or a user explicitly stops the process.
As a security measure, you can disable a deployment policy at any time by generating a new deployment token. The policy definition remains intact, but as far as Code42 apps are concerned, it has been renamed. Code42 apps already deployed, but not yet installed, cannot find the policy and will not install. And do not deploy any more Code42 apps with the old token.
Step 1: Verify that apps can connect by HTTPS
User devices must be able to reach your administration console by the HTTPS protocol. Check your protocol and port configuration:
- The URL must begin with https://
- The final digits are the port number. The default value is 4285.
- Your firewalls must allow client requests to reach the administration console at that port.
Step 2: Configure an organization
- The organization's authentication method is the policy's authentication method.
- When deployed Code42 apps install, users and devices become members of that organization.
- An organization has one deployment policy only, and a policy applies to one organization only. Child organizations do not inherit their parents' policies.
- Custom images and texts for Code42 apps also belong to organizations. You can define customizations before or after deployment.
Once an organization has a deployment policy, changing the organization's authentication method can easily break the policy. See Deployment policies reference.
Step 3: Select a deployment option
The deployment options available vary with your Code42 environment's configuration:
- Whether you authenticate users with SSO or local authentication.
- Whether and how the deployment's username detection script matches usernames at devices with usernames in your authentication data.
Following are the most common deployment options.
Silent registration with SSO
New Code42 apps register automatically via SSO and start backups without user intervention. Use this option with:
- SSO authentication and local directory services
The deployment's username detection script:
- Matches usernames at devices with usernames in SSO data.
- For the Code42 cloud, SSO usernames are email addresses.
You must customize the installer's detection script to adjust for that.
To create the deployment, see the instructions in Deploy Code42 apps silently with SSO.
Silent registration with local authentication
New Code42 apps register automatically and start backups without user intervention.
- Use this option with local authentication (authentication by the Code42 authority server).
- You must customize your deployment's username detection script to provide Code42 usernames as email addresses.
- Code42 passwords are hidden. User access to the Code42 app or the administration console requires an administrator to reset that user's password.
To create the deployment, see the instructions in Deploy Code42 apps silently with local authentication.
Require users to manually sign in to the Code42 app. Use this option with:
- Local authentication and user-defined names and passwords
To create the deployment, see the instructions in Deploy Code42 apps for manual sign on.
Before deploying Code42 apps to production devices, always test your entire process and all its scripts and files.
- At your administration console, create at least one test organization.
- Add several test users to that organization.
- Connect test devices for those users to the network that includes your Code42 environment.
- Deploy Code42 apps to the test devices and make sure they work as intended.