Deployment policies reference

Overview

Configure deployment packages that install Code42 apps on your users' devices according to your specifications. Integrate your apps with SSO, for example, and install silently, without user intervention. This article describes each element of the Deployment Policies interface.

Considerations

This article assumes you understand the introduction to deployment provided by the article Prepare to deploy Code42 client apps.

These instructions apply to administrators deploying Code42 apps version 6.5 or later with on-premises authority servers version 6.5 or later. If you are using older servers or clients, select the appropriate instructions from Manage app installations in your Code42 environment.

To use these deployment tools, you need to sign in to your Code42 console as a user with one of these roles:

Deployment policies

To view and manage deployment policies:

Sign in to the Code42 console.
Select Administration > Client Management > Deployment.

If your Code42 environment does not yet have any deployment policies, you see the option to Create New Deployment Policy. If your environment already has one or more policies, you see the Deployment Policies list.

Deployment policies list

Item		Description
a	Create New Policy	Open the interface for defining a new Code42 app deployment policy.
b	Policy name	The name of the policy. Click to see policy details.
c	Created On	The date the policy was created.
d	Created By	The username of the administrator who created the policy.
e	Registration Org	Code42 apps deployed with this policy register with this organization. Or, if LDAP scripting is configured, into the organization specified by the script. The organization determines the authentication method and optional proxy address for the policy. If you deactivate an organization, the associated policy will not work. The policy list displays an alert to say so.
f	Edit Policy	Allows you to view and change details of the policy.
g	Delete Policy	Removes the policy from your Code42 environment. Code42 apps deployed to use that policy, but not yet run and installed, will fail to install.

Policy details

In the Deployment Policies list, click a policy name to see details about the policy.

Deployment policy details

Item		Description
a	Policy name	The name of the policy.
b	Edit Policy	Change details of the policy.
c	Registration Org	Code42 apps deployed with this policy register with this organization. Or, if LDAP scripting is configured, into the organization specified by the script. The organization determines the authentication method and optional proxy address for the policy. Version 8.2.5 and later: If your custom script specifies a value for `C42_ORG_REG_KEY`, only users not covered by the script register to this organization.
d	Authentication	The method the registration organization uses to validate the usernames and passwords entered by users in the Code42 app. LDAP (<provider name>): Usernames and passwords are defined in LDAP provider data. Local: Username and passwords are defined in the Code42 console SSO (<provider name>): Usernames and passwords are defined in SSO provider data.
e	Auto Register Users	No: Users must manually sign in to the Code42 app to start security monitoring and backup. You have two options: Advise users to self-register by clicking Sign up in the Code42 app. Create user accounts and provide the credentials to users. Yes: The username is determined by the deployment policy's detection script. The Code42 app authenticates with SSO. Security monitoring and backup begins automatically, provided the destination is set to auto-start.
f	Windows Script Mac Script Linux Script	Defines how the Code42 app detects the username and user home directory. In version 8.2.5 later, the detection script can also optionally specify the organization. Scripts differ by operating systems. Use default script: The Code42 app uses a script supplied by Code42 that is suitable for typical Windows and Mac devices. Use a custom bash/batch script: The Code42 app uses a script supplied by the administrator who creates the policy. See Deployment script and command reference for more details.
g	Use Org Proxy URL to connect?	Yes: The Registration Org requires Code42 apps to communicate through a proxy server. To see the URL of an organization's proxy auto-config (PAC) file, go to Organizations > [select an organization] > Action menu > Device Backup Defaults > Network > Proxy. No: Code42 apps communicate with Code42 servers directly.
h	Launch desktop app after install?	Yes: After installation on a Windows or Mac device, the Code42 app opens for the user to see and use. Not applicable on Linux. No: The Code42 app does not show until the user manually opens the app.
i	Last Modified	The date the policy was last saved.
j	Created On Created By	The date the policy was created. The username of the administrator who created the policy.
k	Installation properties	These strings provide arguments for a command that installs a Code42 app. Use them in your device management tool or installation scripts. See Deployment script and command reference for more details.
l	Generate new token	Give the policy a new identifier string. Generate a new token if you suspect unauthorized use of the deployment policy. Any Code42 apps previously deployed with the policy, and not yet installed, will fail to install. You will need to install them with the new, active, deployment token.

Create or edit deployment policy

Version 8.2.5 and later

In the Deployment Policy view, select Create New Policy or Edit Policy.

Create deployment policy, version 8.2.5 and later

Item		Description
a	Policy Name	Enter a name to describe and identify this policy.
b	The deployment policy determines the user's organization	Determines the user's organization. If your custom script specifies a value for `C42_ORG_REG_KEY` (see item g below), only users not covered by the script register to this organization. Users register according to the authentication method and directory services configured for their organization. If an organization already has another deployment policy, it is dimmed in the dropdown and cannot be selected. Choose a different organization, or edit the existing policy for that organization.
c	Authentication Method	The Code42 app uses the authentication method defined for the user's organization. LDAP (<provider name>): Usernames and passwords are defined in LDAP provider data. Local: Username and passwords are defined in the Code42 console. SSO (<provider name>): Usernames and passwords are defined in SSO provider data.
d	Do you want to automatically register users?	No: Users must manually sign in to the Code42 app to start security monitoring and backup. You have two options: Advise users to self-register by clicking Sign up in the Code42 app interface. Create user accounts and provide the credentials to users. Yes: The username is determined by the deployment policy's detection script. The Code42 app authenticates with SSO. Security monitoring and backup begins automatically, provided the destination is set to auto-start.
e	Which operating systems should use this policy when installing the client?	Determines which operating systems use this policy during Code42 app deployment.
f	Use default script	The Code42 app uses a detection script supplied by Code42 that is suitable for typical Windows and Mac devices. Linux devices cannot use the default script; a custom script is required.
g	Add a custom bash script for detecting username, user home, and organization	Uses your custom script to define how the username, user home directory, and the user's organization are determined. All custom scripts must end by writing the `C42_USERNAME` and `C42_USER_HOME` variables to standard output (see below). `C42_ORG_REG_KEY` can also be included to define the organization, but this is optional. If `C42_ORG_REG_KEY` is not present, the Code42 app uses the default organization selected for this deployment policy. echo C42_USERNAME=<value> echo C42_USER_HOME=<value> echo C42_ORG_REG_KEY=<value> To specify an organization, use the registration key. For more details about customizing scripts, see Deployment script and command reference. For assistance with custom scripts, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team. Require users to manually enter their usernames The main purpose of selecting operating systems in this section is to generate the appropriate scripts to automatically detect the username during Code42 app installation. To require users to manually enter their usernames, do not select any operating systems. By leaving all operating systems blank, a deployment policy is still created, but there is no user detection script. As a result, users must enter their usernames to complete the installation process on their device. The server address is still automatically populated for users by the deployment policy.
h	Do your clients need a proxy URL?	No: Code42 apps communicate with Code42 servers directly. Yes: The Registration Org requires Code42 apps to communicate through a proxy server. To see the URL of an organization's proxy auto-config (PAC) file, go to Organizations > [select and organization] > Action menu > Device Backup Defaults > Network > Proxy.
i	Launch desktop app after initial install?	Yes: After installation on a Windows or Mac device, the Code42 app opens for the user to see and use. Not applicable on Linux. No: The Code42 app does not show until the user manually opens it.

Versions 6.5 - 7.x

In the Deployment Policy view, select Create New Policy or Edit Policy.

Deployment policy, create

Item		Description
a	Policy Name	Enter a name to describe and identify this policy.
b	How should new users register?	Select an organization. The configuration of the organization determines how new Code42 apps register with their Code42 environment, create accounts, and start backups. A greyed out name is for an organization that already has a policy. For that organization, edit the existing policy.
c	Authentication Method	Newly deployed Code42 apps use the authentication method defined for their organization. LDAP (<provider name>): Usernames and passwords are defined in LDAP provider data. Local: Username and passwords are defined in the Code42 Code42 console. SSO (<provider name>): Usernames and passwords are defined in SSO provider data.
d	Do you want to automatically register users?	No: Users must manually sign in to the Code42 app before back up starts. You have two options: Advise users to self-register by clicking Sign up in the Code42 app interface. Create user accounts on your authority server and provide the credentials to users. Yes: The deployment's detection script (items f and g, below) acquires the username from the operating system. The Code42 app authenticates with LDAP or SSO. Backups begin automatically, provided the destination is set to auto-start.
e	Which operating systems should use this policy when installing the client?	Select which operating system you deploy Code42 apps to. Select how Code42 apps will detect their username and home directory. Require users to manually enter their usernames The main purpose of selecting operating systems in this section is to generate the appropriate scripts to automatically detect the username during Code42 app installation. To require users to manually enter their usernames, do not select any operating systems. By leaving all operating systems blank, a deployment policy is still created, but there is no user detection script. As a result, users must enter their usernames to complete the installation process on their device. The server address is still automatically populated for users by the deployment policy.
f	Use default script	The Code42 app uses a detection script supplied by Code42 that is suitable for typical Windows and Mac devices.
g	Add a custom script	The Code42 app uses a detection script supplied by the administrator who creates the policy. Custom scripts must end by writing two variables to standard output: echo C42_USERNAME=<value> echo C42_USER_HOME=<value> For Linux, a custom script is the only option. See Deployment script and command reference for more details
h	Do your clients need a proxy URL?	No: Code42 apps communicate with Code42 servers directly. Yes: The Registration Org requires Code42 apps to communicate through a proxy server. To see the URL of an organization's proxy auto-config (PAC) file, go to Organizations > [select and organization] > Action menu > Device Backup Defaults > Network > Proxy.
i	Launch desktop app after initial install?	Yes: After installation on a Windows or Mac device, the Code42 app opens for the user to see and use. Not applicable on Linux. No: The Code42 app does not show until the user manually opens it.

Policy saved

When you save a newly defined or edited policy, the Policy Saved dialog appears.

Deployment policy saved

Item	Description
a	Installation properties	Use these strings as arguments to a command that installs a Code42 app. Click to copy and download the properties now, or access them later from the policy details view.
b	Done	Close the dialog and return to the Deployment Policies list.

Item

Description

a

Installation properties

Use these strings as arguments to a command that installs a Code42 app.

Click to copy and download the properties now, or access them later from the policy details view.

b

Done

Close the dialog and return to the Deployment Policies list.

Authentication mismatch

Authentication mismatch message

Mismatches occur when you:

Define an organization to use LDAP or SSO authentication.
Assign that organization a deployment policy with auto-registration.
Edit the organization to use local authentication.

The policy becomes invalid because the organization can no longer support auto-registration.

The solution is to reconfigure the organization or edit the policy.