This article describes multiple strategies for deploying Code42 apps to user devices. You can integrate your apps with SSO, for example, without user intervention. The article is intended for administrators using device management tools like SCCM for Windows or Jamf Pro for Mac. This article provides:
- Introduction to Code42 app deployment and description of how it works in general.
- Recommendations and links to help you with specific environments and specific deployment strategies.
- These instructions apply to the Code42 cloud. If you work in an on-premises Code42 environment, see Manage app installations in your Code42 environment.
- To use these deployment tools, you need to sign in to your administration console as a user with the Customer Cloud Admin role.
- In the Code42 federal environment, app installations must be deployed with a deployment policy to ensure the use of FIPS encryption in the Code42 app. Users cannot download the installation package from the administration console or an email message.
Before you begin
Creating and using Code42 deployment policies requires familiarity with:
- Creation and configuration of organizations in your Code42 environment.
- The authentication methods that your organizations use to manage users.
- The process you use to distribute and install applications to user devices (typically a device management tool like SCCM for Windows or Jamf for Mac).
How deployment works
Before selecting and configuring a deployment option, it helps to understand how deployment works from end-to-end:
- You define a deployment policy in the administration console.
- From the policy view in the console, you copy the arguments for a Code42 app installer command.
- You paste or import those install arguments into your device management software and push them to devices, along with Code42 app executables.
- When install commands run on user devices, Code42 apps retrieve your policy from the Code42 cloud.
If the Code42 app fails to connect to the Code42 cloud and find the policy, it will retry every 5 minutes until it succeeds or a user explicitly stops the process.
- Code42 apps run your policy's detection script in order to determine usernames, home directories, and optionally, organizations.
- When a policy is configured to automatically register users, Code42 apps start security monitoring and backing up data without user intervention. Otherwise, users manually authenticate and register.
If automatic registration fails for any reason, the Code42 app retries every hour. It retrieves the policy again and tries to register again, until it succeeds or a user explicitly stops the process.
As a security measure, you can disable a deployment policy at any time by generating a new deployment token. The policy definition remains intact, but Code42 apps actively making requests for this policy can no longer use the policy. You must uninstall and reinstall the Code42 app with the new deployment token to enable devices to register with this policy.
Step 1: Verify that apps can connect by HTTPS
User devices must be able to reach your administration console by the HTTPS protocol. Check your protocol and port configuration:
- The URL must begin with https://
- Your firewalls must allow client requests to reach the administration console.
When you add a deployment policy to your Code42 cloud-based deployment, the URL auto-populates with the address. For example:
Step 2: Configure an organization
- The organization's authentication method is the policy's authentication method.
- When deployed Code42 apps install, users and devices become members of that organization.
- An organization has one deployment policy only. Child organizations do not inherit their parents' policies.
- Custom images and texts for Code42 apps also belong to organizations. You can define customizations before or after deployment.
Once an organization has a deployment policy, changing the organization's authentication method can easily break the policy. See Deployment policies reference.
Step 3: Select a deployment option
The deployment options available vary with your Code42 environment's configuration:
- Whether you authenticate users with SSO or local authentication.
- Whether and how the deployment's username detection script matches usernames at devices with usernames in your authentication data.
Following are the most common deployment options.
Silent registration with SSO
New Code42 apps register automatically via SSO and start security monitoring and backups without user intervention. Use this option with:
- SSO authentication and local directory services
The deployment's username detection script:
- Matches usernames at devices with usernames in SSO data.
- For the Code42 cloud, SSO usernames are email addresses.
You must customize the installer's detection script to adjust for that.
To create the deployment, see the instructions in Deploy Code42 apps silently with SSO.
Silent registration with local authentication
New Code42 apps register automatically and start backups without user intervention.
- Use this option with local authentication (authentication by the Code42 cloud).
- You must customize your deployment's detection script to specify the user's email address.
- Code42 passwords are hidden. User access to the Code42 app or the administration console requires an administrator to reset that user's password.
To create the deployment, see the instructions in Deploy Code42 apps silently with local authentication.
Require users to manually sign in to the Code42 app. Use this option with:
- Local authentication and user-defined names and passwords
To create the deployment, see the instructions in Deploy Code42 apps for manual sign on.
Before deploying Code42 apps to production devices, always test your entire process and all its scripts and files.
- At your administration console, create at least one test organization.
- Add several test users to that organization.
- Connect test devices for those users to the network that includes your Code42 environment.
- Deploy Code42 apps to the test devices and make sure they work as intended.