Deploy Code42 apps silently with SSO
Who is this article for?
Instructor, no.
Incydr Professional, Enterprise, Gov F2, and Horizon, no.
Incydr Basic, Advanced, and Gov F1, no.
CrashPlan Cloud, no.
Retired product plans, yes.
CrashPlan for Small Business, no.
Callstack:
at xml.select()
at (Template:Code42/SiteMapThisPage), /content/body/pre, line 30, column 11
at template()
at (CP/Admin/On-premises/6/Planning_and_installing/Manage_app_installations_in_your_Code42_environment/Deploy_Code42_apps_silently_with_SSO), /content/body/pre[2], line 6, column 9
Overview
For Code42 environments that control usernames and authentication with an SSO provider, this article describes how to configure deployment packages that install Code42 apps and start backups automatically, silently, with no user intervention.
Considerations
This article assumes you understand the introduction to deployment provided by the article Prepare to deploy Code42 client apps.
These instructions apply to administrators deploying Code42 apps version 6.5 or later with on-premises authority servers version 6.5 or later. If you are using older servers or clients, select the appropriate instructions from Manage app installations in your Code42 environment.
To use these deployment tools, you need to sign in to your Code42 console as a user with one of these roles:
Synchronize usernames
Usernames on endpoint devices need to match usernames in SSO data.
In some cases, provide a custom script to modify the username from the device, and so provide Code42 with a match to the SSO data. See Step 2, below.
If the detection script cannot provide a precise match with SSO data, Code42 creates a user that matches the device username. That user has no password, however, and cannot restore backup data or access the Code42 console.
If you cannot create a reliable script, do not attempt silent deployment. See instead Deploy Code42 apps for manual sign on.
Step 1: Identify the deployment organization
In your Code42 console, create or identify an organization that:
- Uses SSO authentication and local directory services
- Has at least one destination where backups can auto-start.
Check configuration of the organization, as follows:
- Sign in to the Code42 console.
- Select Administration > Organizations > Active.
- Select an organization.
- Note the organization name; you will need it later.
- Select ORG INFO > Security.
- The Authentication needs to be SSO.
- The Directory service needs to be Local.
- Select DEVICE BACKUP DEFAULTS > Backup
- DESTINATIONS must list at least one destination name and Yes.
- The other possible value, DESTINATIONS ... Auto-start, is not acceptable. It means silent deployment is not possible.
- To set a destination to Yes, go to the organization's action menu and select Device Backup Defaults, then click Backup and scroll to Destinations.
- DESTINATIONS must list at least one destination name and Yes.
- Select DEVICE BACKUP DEFAULTS > Network.
- Note whether PROXY is enabled; you will need that information later.
- If necessary, change organization configuration. In the action menu in the upper-right, select Edit.
Step 2: Create the deployment policy
Define the deployment policy for the organization you identified in Step 1.
- In the Code42 console, select Administration > Client Management > Deployment.
- Select Create New Deployment Policy or Create New Policy.
The prompt differs depending on whether you see the initial welcome screen or your list of existing policies. - Enter a Policy Name to describe this policy.
- At How should new users register? select the organization you identified at Step 1, above.
If your organization's name is grayed out in the menu, that organization already has a policy.
You may edit or delete that existing policy. - At Do you want to automatically register users?, select Yes.
- At Which operating systems, select the systems you will deploy Code42 apps to.
- For each operating system you select, select either:
- Use default script (for deployment to Windows and Mac only)
Use the default script if last-logged-in usernames on your endpoint devices exactly match your SSO data. - Add a custom batch/bash script (required for deployment to Linux and for any connection to the Code42 cloud)
Provide a script that identifies the username and home directory that the Code42 app will provide when it registers with your Code42 environment. For details, see the script reference. The script must end by echoing the username and user home directory:echo C42_USERNAME=<value> echo C42_USER_HOME=<value>
- Use default script (for deployment to Windows and Mac only)
- At Do your clients need a proxy URL, select No or Yes, depending on what you determined at Step 1, above.
- At Launch desktop app after initial install, select No for silent deployment.
- Click Save.
The Policy Saved dialog appears. - Click Done.
You can return to the policy and copy the installation properties at any time.
Step 3: Deploy Code42 apps to user devices
Step 4: Verify success
Review device data in the Code42 console
At your authority server, check that deployments succeed by reviewing the number of devices signed in to your organization and backing up data.
- Sign in to the Code42 console.
- Select Administration > Organizations > Active.
- Select the organization you deployed to.
- At the top of the window, click the value under Devices.
The number of devices listed for your org should match the number of devices you deployed Code42 apps to. The quantity of data stored for each device should be greater than zero.
Review client logs
At your test devices, or a selection of your production devices, check the Code42 app service.log.0 file.
- Find the service.log.0 file in one of these locations:
- Windows: C:\ProgramData\CrashPlan\log
To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy. - Mac: /Library/Logs/CrashPlan
If you installed per user, see the file and folder hierarchy. - Linux: /usr/local/crashplan/log
- Windows: C:\ProgramData\CrashPlan\log
- Open the service.log.0 file with a text editor.
- Search for
CP_ARGS=DEPLOYMENT
Find a line like the following and verify that the installer arguments are correct.CP_ARGS=DEPLOYMENT_URL=https://authority.example.com:4285&DEPLOYMENT_POLICY_TOKEN=e675f3e1-ebb3-496e-9cef-c669db6ffac6&SSL_WHITELIST=7746278a857f64717094c44eeb2bbc32357ece44
- Search for
Results of running user script.
Find lines like the following that verify the Code42 app retrieved the deployment policy and ran the detection script without error.Deploy:: Successfully retrieved deployment package Results of running user script: UserScriptExecutionResults [username=exampleUser, userHomeDirectory=/home/exampleUser]
- Search for
LoginRequest
Find lines like the following that verify that the Code42 app logged in to authority server and is authorized to backup data.UserActionRequest: LoginRequestMessage[809641607873065038] LOGIN: username=exampleUser, password=****, serverAddress=authority.example.com:4287 AUTH:: CPC session is LOGGED_IN
Troubleshooting
If a user opens the desktop UI for a newly deployed Code42 app, but the UI never progresses beyond the message Connecting... , then the deployment has probably failed.
Confirm the error as follows:
- Find the Code42 app service.log.0 file in one of these locations:
- Windows: C:\ProgramData\CrashPlan\log
To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy. - Mac: /Library/Logs/CrashPlan
If you installed per user, see the file and folder hierarchy. - Linux: /usr/local/crashplan/log
- Windows: C:\ProgramData\CrashPlan\log
- Open the service.log.0 file with a text editor.
- Find deployment errors by searching for
Deploy::, for example:deploy:: Unable to make request
Deploy:: Unable to process deployment package, USERNAME_NOT_IN_OUTPUT