Deployment policies reference
Overview
Configure deployment packages that install Code42 agents on your users' devices according to your specifications. Integrate your apps with SSO, for example, and install silently, without user intervention. This article describes each element of the Deployment Policies interface.
Considerations
This article assumes you understand the introduction to deployment provided by the article Deploy Code42 agents.
- To use these deployment tools, you need to sign in to your Code42 console as a user with the Security Administrator role.
- In the Code42 federal environment, app installations must be deployed with a deployment policy to ensure the use of FIPS encryption in the Code42 agent. Users cannot download the installation package from the Code42 console or an email message.
- Do not restore Code42 application files backed up from one device as a means to install the insider risk agent on a different device. Application files are unique to each device and cannot be transferred to a new device.
For assistance, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team. If you don't know who your CSM is, contact our Technical Support Engineers.
Insider risk agent
Deployment policies
To view and manage deployment policies:
- Sign in to the Code42 console.
- Select Administration > Agent Management > Deployment.
If your Code42 environment does not yet have any deployment policies, you see the option to Create deployment policy. If your environment already has one or more policies, you see the deployment policies list.
Label | Item | Description |
---|---|---|
a | Create deployment policy | Open the interface for defining a new insider risk agent deployment policy. |
b | Name | The name of the policy. |
c | Created | The date the policy was created and the username of the administrator who created the policy. |
d | Registration organization | Insider risk agents deployed with this policy register with this organization.<br>The organization determines the authentication method and optional proxy address for the policy.<br>If you deactivate an organization, the associated policy will not work. |
e | Organization Status | The status of the registration organization. |
f | View details | Allows you to view and change details of the policy. |
Policy details
In the deployment policies list, click View details to see details about the policy.
If you are within an Incydr Basic, Advanced, and Gov F1 environment enabled for agent modernization, select the insider risk agent tab.
Label | Item | Description |
---|---|---|
a | Policy name | The name of the policy. |
b | Delete | Removes the policy from your Code42 environment. Insider risk agents deployed to use that policy, but not yet run and installed, will fail to install. |
c | Edit | Change details of the policy. |
d | Details | The details of the policy. |
e | Scripts | The user detection scripts for the policy. |
f | Registration organization | Insider risk agents deployed with this policy register with this organization. If your custom script specifies a value for<br>The organization determines the authentication method and optional proxy address for the policy. |
g | Created and Last modified dates | The dates the policy was created and last saved. |
h | Configured operating systems | The operating systems the policy is configured for (Windows, Mac, or Linux). |
i | Use organization's proxy URL | Specifies whether agents should use a proxy URL to connect to the Code42 cloud. |
j | Deployment properties | Use these strings as arguments to a command that installs an insider risk agent:<br>Click the links to download or copy the properties.<br>For more information about the DEPLOYMENT_URL and DEPLOYMENT_POLICY_TOKEN, see Deployment script and command reference for the insider risk agent. |
k | Command-line arguments | These strings provide arguments for a command that installs an insider risk agent. Use them in your device management tool or installation scripts. See Deployment script and command reference for the insider risk agent for more details. |
Scripts
In the policy details view, click the Scripts tab. To update the scripts, click Edit.
For information about user detection scripts, see Deployment script and command reference for the insider risk agent.
Create or edit deployment policy
In the Deployment policies view, select Create deployment policy, or in the policy details click Edit.
Label | Item | Description |
---|---|---|
a | Deployment policy name | Enter a name to describe and identify this policy. |
b | Registration organization | Select the organization to use this deployment policy. Users register according to the authentication method and directory services configured for their organization.<br>If an organization already has another deployment policy, it is excluded from the dropdown list. Choose a different organization, or edit the existing policy for that organization.<br>If your custom script specifies a value for |
c | User detection scripts | Select all operating systems you want to use in your deployment policy, and then enter the custom user detection scripts you want to use for each.<br>Your custom script defines how the username and the user's organization are determined. A summary of script requirements is listed below, but for complete details about customizing scripts, see Deployment script and command reference for the insider risk agent.<br>All custom scripts must end by writing the `echo C42_USERNAME=<value>` `echo C42_ORG_REG_KEY=<value>` |
d | Do your clients need a proxy URL to connect to the Code42 cloud? | |
Deployment secrets
In the deployment policies view, click Deployment secrets to see available secrets.
Deployment secrets are used in the policy details to authorize the agent and limit the time in which an agent can register. Every deployment policy must have a deployment secret. A deployment secret can be used by any deployment policy for any organization in the tenant.
Deployment secrets expire after a set amount of time to ensure ongoing security. By default, deployment secrets expire after one year. If a secret expires, you can extend it to reactivate it.
Before the end of the one-year period, extend the secret to authorize its use for another year. If a deployment secret expires, deployments using that secret fail until the secret is extended.
You can disable a deployment policy at any time by revoking the deployment secret. The policy definition remains intact, but insider risk agents actively making requests for this policy can no longer use the policy. To re-enable the policy, extend the secret.
Label | Item | Description |
---|---|---|
a | Active | Select to show active secrets that can be used in deployment policies. |
b | Expired | Select to view secrets that have passed their expiration date or have been revoked. When viewing expired secrets, click Reactivate to reinstate the secret. |
c | Create deployment secret | Create a new secret that can be used in deployment policies. By default, newly created secrets do not expire for one year. |
d | Secret | The secret's unique string. Secrets appear in the policy's details. A deployment token must always be presented with a secret in the deployment policy. |
e | Expiration date (UTC) | The date the secret is no longer valid to authorize an agent installation. The time is based on the device’s system clock and reported in Coordinated Universal Time (UTC). |
f | Extend | Lengthen the amount of time that the secret is active by a year. |
g | Revoke | Nullify the secret. Revoking the secret prevents registration for clients deployed with the secret that have not yet connected to the Code42 cloud. Clients already registered with the secret are not affected. To re-enable the policy, extend the secret. |
Code42 agent, backup agent, and legacy agent
Deployment policies
To view and manage deployment policies:
- Sign in to the Code42 console.
- Select Administration > Agent Management > Deployment.
If your Code42 environment does not yet have any deployment policies, you see the option to Create New Deployment Policy. If your environment already has one or more policies, you see the Deployment Policies list.
Label | Item | Description |
---|---|---|
a | Create deployment policy | Define a new Code42 agent deployment policy. |
b | Name | The name of the policy. Click to see policy details. |
c | Created | The date the policy was created and the username of the administrator who created the policy. |
d | Registration organization | Code42 agents deployed with this policy register with this organization.<br>The organization determines the authentication method and optional proxy address for the policy.<br>If you deactivate an organization, the associated policy will not work. |
e | Organization Status | The status of the registration organization. |
f | View details | Allows you to view and change details of the policy. |
Policy details
In the Deployment Policies list, click a policy name to see details about the policy.
If you are in an Incydr Basic, Advanced, and Gov F1 environment enabled for agent modernization, select the correct tab: Backup agent or Legacy agent. For details about the Insider risk agent tab, see Insider risk agent above.
Label | Item | Description |
---|---|---|
a | Policy name | The name of the policy. |
b | Delete | Deletes the policy. Any Code42 agents deployed with this policy that have not yet completed installation will fail to install. |
c | Edit Policy | Change details of the policy. |
d | Details | The details of the deployment policy. |
e | Scripts | The user detection scripts for the policy. |
f | Registration organization | Code42 agents deployed with this policy register with this organization. If your custom script specifies a value for<br>The organization determines the authentication method and optional proxy address for the policy. |
g | Authentication | The method the registration organization uses to validate the usernames and passwords entered by users in the Code42 agent. |
h | Auto Register Users | |
i | Created and Last modified dates | The dates the policy was created and last saved. |
j | Configured operating systems | The operating systems the policy is configured for (Windows, Mac, or Linux). |
k | Launch desktop app after install | |
l | Use organization's proxy URL | |
m | Installation properties | These strings provide arguments for a command that installs a Code42 agent. Use them in your device management tool or installation scripts. See Deployment script and command reference for the backup and legacy agents for more details. |
n | Generate new token | Give the policy a new identifier string. |
Create or edit deployment policy
In the Deployment Policy view, select Create New Policy or Edit Policy.
Label | Item | Description |
---|---|---|
a | Deployment policy name | Enter a name to describe and identify this policy. |
b | Registration organization | Determines the user's organization. If your custom script specifies a value for<br>Users register according to the authentication method and directory services configured for their organization.<br>If an organization already has another deployment policy, it is dimmed in the dropdown and cannot be selected. Choose a different organization, or edit the existing policy for that organization. |
c | Do you want to automatically register users? | |
d | User detection scripts | Select all operating systems you want to use in your deployment policy, then enter the custom user detection scripts you want to use for each.<br>Your custom script defines how the username, user home directory, and the user's organization are determined. A summary of script requirements is listed below, but for complete details about customizing scripts, see Deployment script and command reference for the backup and legacy agents.<br>All custom scripts must end by writing the `echo C42_USERNAME=<value>` `echo C42_USER_HOME=<value>` `echo C42_ORG_REG_KEY=<value>`<br>Require users to manually enter their usernames<br>The main purpose of selecting operating systems in this section is to generate the appropriate scripts to automatically detect the username during Code42 agent installation. To require users to manually enter their usernames, do not select any operating systems. If you leave all operating systems blank, a deployment policy is still created, but there is no user detection script. As a result, users must enter their usernames to complete the installation process on their device. The server address is still automatically populated for users by the deployment policy. |
e | Do your clients need a proxy URL to connect to the Code42 cloud? | |
h | Launch desktop app after initial install? | |
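The script requirement described in the User detection scripts rows of both Create or edit deployment policy tables (insider risk agent, and backup and legacy agents), as an added shell example for Mac or Linux that is not Code42's own script. The account filter, `HOME_ROOT`, the `legacy` switch and the placeholder registration key are assumptions; the variable names and their order come from this page.

```shell
#!/bin/sh
# Added example (not Code42's script). Assumptions: candidate logins arrive on
# stdin, the excluded-account list, HOME_ROOT, and the placeholder key below.
ORG_REG_KEY="XXXX-XXXX-XXXX-XXXX"   # placeholder, not a real registration key
HOME_ROOT="/home"                   # assumption: /Users on a Mac

# Print the first login name that is not a shared or service account and
# contains only characters that cannot break the KEY=value output format.
pick_user() {
    while IFS= read -r name; do
        case "$name" in
            ""|.*|_*|root|admin|administrator|daemon|nobody) continue ;;
            *[!A-Za-z0-9._@-]*) continue ;;   # spaces, '=', '/', quotes, ...
        esac
        printf '%s\n' "$name"
        return 0
    done
    return 1
}

# Write the variables as the final output of the script.
# $1 = username, $2 = "legacy" to add C42_USER_HOME (backup and legacy agents).
emit_c42() {
    printf 'C42_USERNAME=%s\n' "$1"
    if [ "$2" = "legacy" ]; then
        printf 'C42_USER_HOME=%s/%s\n' "$HOME_ROOT" "$1"
    fi
    printf 'C42_ORG_REG_KEY=%s\n' "$ORG_REG_KEY"
}

# Usage: <login names, one per line> | detect [legacy]
detect() {
    user=$(pick_user) || return 1   # no usable account: write nothing
    emit_c42 "$user" "$1"
}

# On a device the input could come from: who | awk '{print $1}'
# Constructed sample of logged-in accounts:
printf 'root\n_mbsetupuser\njdoe\n' | detect
```

Validating the name before writing it keeps an unexpected login name from adding extra `KEY=value` lines to the output, and skipping shared accounts avoids registering the agent to `root` or a setup account.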
Authentication mismatch
Mismatches occur when you:
- Define an organization to use SSO authentication.
- Assign that organization a deployment policy with auto-registration.
- Edit the organization to use local authentication.
The policy becomes invalid because the organization can no longer support auto-registration.
The solution is to reconfigure the organization or edit the policy.