1. Code42 Support
  2. Incydr
  3. Incydr administration
  4. Configuring
  5. Identity management

About identity management

Updated

Overview

Code42's identity management functionality is an important security feature that allows you to give users access to the right resources within Code42. 

Code42 separates the concepts of user authentication and authorization. This approach gives you the flexibility to create and customize your environment based on your organization's needs for security, scalability, employee productivity, and user management.

This article describes the options for connecting your Code42 environment with authentication and provisioning providers for user authentication and authorization: 

  • Single sign-on (SSO)
  • SCIM provisioning
  • Code42 User Directory Sync
  • Local Code42 directory

Comparison of authentication and authorization methods

Each method of authentication and authorization has advantages for different situations. This list describes a few of the highlights of each method.

Method Capability Advantages Disadvantages Scalability
Code42 User Directory Sync  Authorization only
  • Use LDAP to connect your directory service, such as active directory (AD), to Code42 
  • User management
  • Changes made in your directory service are automatically pushed to your Code42 environment. This means security and policy changes stay in sync.
  • Requires third-party product or service
  • Existing environments must contact 

    contact your Customer Success Manager (CSM) to configure

  • Complex
 High
Local Authentication and authorization
  • Default method
  • No extra setup
  • User database backed up by Code42 environment daily backup
  • No automated user management
  • Not integrated into your centralized directory service or SSO provider
  • Changes to your security or organization policies must also be applied to your Code42 environment.
  • Medium
  • Can upload multiple users in a text file
SSO Authentication only
  • Users can sign in once and access all IT services. 
  • Security benefits including reducing password fatigue for your users and limiting the number of third parties storing user credentials
  • Requires third-party product or service
 High
SCIM provisioning Authorization only
  • User management
  • Changes made in your directory service are automatically pushed to your Code42 environment. This means security and policy changes stay in sync.
  • Requires third-party product or service.
 High

Compatibility 

All of these methods are compatible with each other. You can choose any combination of these authentication and authorization methods. 

Authentication

Authentication is the process of identifying and verifying users. In Code42, this occurs when:

  • Users sign in to the Code42 agent or Code42 console
  • Users are registered for the first time
Use unique usernames and passwords
Each individual user needs a unique username and password. Sharing credentials across multiple users is a large security and data privacy risk because users can download backed up files from every device using the same username. 

SSO

Implementing single sign-on (SSO) as the authentication method in your Code42 environment provides security benefits and simplifies the sign-in experience. Code42 SSO uses SAML 2.0.

Introduction and overview

Configuration instructions for Code42 cloud environments

Code42 has tested single sign-on integration with the following identity providers: 

SAML settings

You can integrate any SAML 2.0-compliant identity provider with Code42. In some cases you may need to update the SAML configuration to work with the identity provider's settings. For directions, see Set SAML attributes for SSO.

Authorization

Authorization is the process of determining what roles and permissions a user is entitled to. Use the provisioning provider screen to configure authorization methods within Code42.

In Code42, authorization includes user management. User management allows Code42 to automatically activate and deactivate users, move users into organizations, and assign roles to users.

You can use any of the following authorization methods:

  • Code42 User Directory Sync
  • Local Code42 directory
  • SCIM provisioning

Code42 User Directory Sync

Using LDAP, Code42 User Directory Sync connects your directory service, such as Active Directory (AD), and your Code42 environment. 

Configuration instructions for Code42 cloud environments
  • Existing Code42 environments: Configure Code42 User Directory Sync
  • New Code42 environments: Code42 User Directory Sync is configured during your initial Code42 implementation. 

SCIM provisioning

SCIM is an open standard protocol for automating user management within cloud applications. 

Introduction and overview

Configuration instructions for Code42 cloud environments

Still unsure?

Please contact sales for information on our consulting options.