Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Scope a data connection

Overview

The users you monitor with a Code42 data connection directly determine the number of licenses that data connection needs:

  • Business tools: Each monitored Salesforce user with the "Report export" permission consumes one license.
  • Cloud storage: Each unique monitored user with at least one active drive consumes one license. This total does not include duplicate drives created in OneDrive by Microsoft's compliance tools or any archived user drives in Google Drive.
  • Email service: Each monitored user's mailbox consumes one license.

To control costs, you can narrow (or "scope") the users monitored by a data connection to only specific users. This article describes how to plan and scope a data connection to only the users you want to monitor.

Considerations

  • CSV files used for scoping:
    • Are limited to 1,000 entries.
    • Must contain the required header rows per environment. See Develop the scoping CSV file below for more details.
  • Uploading a new scoping CSV file replaces the existing list of users or groups that Code42 monitors.
  • Code42 scoping supports "nested" groups. If you use group scoping, Code42 discovers users in child group names or email addresses that are included in other parent groups.

Each monitored user consumes a license

Data connector licenses are issued and tracked separately from endpoint licenses. You can temporarily monitor more users than your connection is licensed for, but Code42 contacts you when your data connection's license count is exceeded.

Go to Administration > Status > License Plan to view the data connection licenses you currently have in use or available for use. If you see overages, reduce the number of licenses being used by setting the connection to monitor only specific users or only the users in specific groups.

How Code42 counts users

Each user monitored by a data connection consumes one data connection Code42 license. Code42 counts the users it monitors (and thus those that consume a license) as follows:

  • Business tools: Any user with the "Report export" permission.
  • Cloud storage: Any user with an active drive, excluding duplicate drives created by compliance tools or disabled or archived drives. Google shared drives do not count against licensing.
  • Email service: Any active user with an email mailbox.

You can limit those monitored by Code42 to only the specific users you identify, or only the users in the specific groups you identify.

Unexpected users

Monitored "users" can come from sources you don't expect. For example, it's common for the following to have an email account, an active drive in the environment, or permissions that cause it to be included in Code42 monitoring:

  • Telephone and conference rooms
  • Dedicated administrative accounts
  • Service accounts
  • Google Vault or eDiscovery accounts

To avoid including these types of "users," do not use the All option when authorizing the data connection. Instead, select either the user or group options to exclude these unexpected users from monitoring.

Scope a Code42 data connection

Scoping a data connection is a multi-step process. First, work with stakeholders to plan who should (and who should not) be monitored by the data connection. Make sure that the users you want to monitor are correctly set up in the vendor cloud account. If you want to scope by groups, verify that users are set up as members of those dedicated groups. Next, create the scoping file that identifies only the usernames or group names that Code42 should monitor. Finally, upload that scoping file to Incydr when you connect Code42 to your environment.

Plan user scoping

Before connecting Code42 to your Box, Google, Microsoft, or Salesforce environment, take some time to plan and identify the users you want that connection to monitor.

  • Identify the following users:
    • The employees that you want the data connection to monitor. Examples of these users may include:
      • Executives, managers, or other employees with elevated access rights
      • Employees who are either new to your company or are leaving for other opportunities
      • Developers, designers, or project managers with access to customer data or important design files
      • Any users with access to sensitive organizational data, such as members of your Legal, Finance, Sales, or Human Resources teams
      • Employees with access to personal identifiable information (PII)
    • The employees that don't need to be monitored. Examples of these users may include:
      • Assembly, manufacturing, or service personnel
      • Users on your creative teams that routinely create material intended for the public, such as on your Training, Video Production, or Marketing teams
      • Members of teams who routinely exchange files with external users, such as Purchasing, Billing, or Customer Service team members
      • Any users who do not have access to sensitive organizational data or systems
    • Any unexpected "users" that should be excluded, like service accounts, conference rooms, or administrative accounts.
  • For Salesforce, verify that the appropriate users have the "Report export" permission. Only these users can generate and download reports from your Salesforce data, and thus only these users are monitored by the Code42 Salesforce connection.
  • Consider creating groups in your environment to organize users, as you can only import scoping CSV files that contain less than 1,000 entries into Code42 during the authorization process. When you monitor users in specific groups, the Code42 connection automatically monitors (or stops monitoring) users as they move into and out of those groups. Refer to the following vendor documentation for details on creating groups in those environments:

Develop the scoping CSV file

After planning the users that should be monitored by the Code42 connection, create a CSV file that identifies only these users. This file can list either the specific users you want to monitor, or the specific groups whose users you want to monitor. When you scope to groups, Code42 automatically starts or stops monitoring users as they move into and out of those groups.

Scoping CSV files are limited to 1,000 entries
During the authorization process, Code42 cannot import scoping CSV files that contain more than 1,000 entries. Consider identifying the users you want to monitor by groups if your organization has a large number of users you want to monitor. 

Create a user scoping CSV file

  1. Use the vendor's tools to export a CSV file that lists all of the users in that environment. Refer to the following vendor documentation:
  2. Open the exported CSV file. Verify that it contains a column header row labeled as follows. If not, add one.
    • Salesforce, Box, and Microsoft: Email or Email Address
      Identify OneDrive users by display name, if needed
      Microsoft does not require OneDrive users to be associated with an email address, so some users are identified by their display name instead. In the OneDrive scoping CSV file, you can identify these users under a column header row labeled either Display Name or Owner.
    • Google: Email Address [Required], Email Address, or Emails
    Code42 reads usernames from these column headers in the CSV file. If these columns contain any entries that aren't email addresses, the file you upload during the authorization process produces an error.
  3. Delete any entries for users you do not want the Code42 connection to monitor from the file.
  4. Save the file. Upload this file to Code42 when you authorize its connection to your environment.

Click one of these links to download an example user scoping file for that environment:

Create a group scoping CSV file

  1. Create a new CSV file to list the groups whose users you want to monitor.
  2. In the new file, create a column header row labeled as follows:
    • Salesforce, Box: Group Name or Groups
    • Google: Either Group Name or Groups, or alternately either Email or Email Address
      You can identify Google groups either by the group name or by the email address associated with the group.
    • Microsoft: Either Display Name or Groups, or alternately either Email or Email Address 
      You can identify Microsoft groups either by the display or group name or by the email address associated with the group.
    If the CSV file does not contain at least one of these headers, the file you upload during the authorization process produces an error.
  3. Specify the name of each group (or alternately the email address associated with that group, for Google and Microsoft) whose users you want to monitor on a separate line under that header. Enter group names or email addresses exactly as they appear in the administration console for that environment.
  4. Save the file. Upload this file to Code42 when you authorize its connection to your environment.

Click one of these links to download an example group scoping file for that environment:

When a data connection is scoped to groups, Code42 automatically locates users associated with that group in the environment after you authorize the connection.

  • For Salesforce and Box, Code42 attempts to look up users associated with the specified group name from the CSV file. If the group name cannot be found, Code42 proceeds to the next group. Code42 looks for that group again every 24 hours. 
  • For Microsoft and Google, Code42 looks for users associated with those groups as follows:
    • When a group's name or email address is provided, Code42 attempts to look up users associated with that group name or group email address. 
    • If the group includes another group name or email address (a "nested" group), Code42 looks up users associated with that nested group as well.
    • If the group name or email address cannot be found, Code42 proceeds to the next entry in the CSV file. Code42 looks for that group or email address again either every 8 hours (for Microsoft groups) or every 24 hours (for Google groups).

As users are added to and removed from the monitored groups, Code42 automatically detects changes and adjusts monitoring of users accordingly.

Upload the CSV file during data connection authorization

Upload the scoping CSV file to Code42 when you authorize its connection to your environment. You can also deauthorize and resume monitoring a data connection to reconfigure its scoping and replace the existing scoping list with a new scoping CSV file.

See these articles for more information:

Reconfigure scoping for user and group monitoring

If needed, you can reconfigure a data connection's scoping to add new users or groups, or switch from monitoring specific users to monitoring specific groups.

  1. Deauthorize the data connection.
    • For Salesforce, Gmail, and Microsoft Office 365 email connections, Code42 removes the connection's configuration and authorization information immediately after you deauthorize the connection.
    • For Box, Google Drive, and Microsoft OneDrive cloud storage connections, the Code42 application's registration in that environment remains valid even if the connection is deauthorized. You do not need to remove it from the cloud storage environment.
  2. Do one of the following, depending on the data connection:
    • For Salesforce, Gmail, and Microsoft Office 365 email connections, set up a new connection to that environment by clicking Add Data Connection on the Data Connections screen.
    • For cloud storage connections, resume monitoring that data connection.
      You are prompted to set up the cloud storage connection again.
  3. In the Add users step of the reauthorization process, select the appropriate monitoring option and then upload a new CSV file containing the updated users or groups you want to monitor.
  • Was this article helpful?