Organizations reference

Overview

Organizations are the way to group users in your Code42 environment. You can configure different organizations to use different settings.

Organization, user, and device hierarchy

Activity in your Code42 environment is managed by settings at three levels: organizations, users, and devices.

Organization

The hierarchical level in the Code42 environment for users and their devices. Each user can belong to only one organization. You can define many settings at the organization level; different organizations can have different settings. An organization can contain child organizations, and an organization can exist without containing any users.

User

A single account in your Code42 environment. A user account has a single set of sign-in credentials (username and password) and a single encryption key for all backups. A user always belongs to one (and only one) organization.

Device

A single computer within your Code42 environment. May be used interchangeably with endpoint. A Code42 agent is installed on a device.

Incydr displays data for users in all organizations
Visibility of activity captured by Incydr is not limited by your Code42 organization hierarchy.

Code42 organizations only control endpoint settings related to file preservation (backup), agent deployment, and identity management. Users with roles that allow access to Incydr features (such as the Risk Exposure dashboard, Alerts, and Forensic Search) can view insider risk data for users in all organizations.

Organizations

The Organizations screens display information about the organizations in your Code42 environment. From Organizations, you can:

  • Add organizations
  • Click an organization name to view more details about that organization
  • Perform actions on the selected organization

To access the Organizations screens, select Administration > Environment > Organizations from the menu.

Organizations list with annotations

Item Description
a Create Organization Click to add a new organization.
b Export Exports the list of organizations in CSV format.
c Filter 

Filters the list of organizations by status. You can view either active or deactivated organizations. By default, the table shows only active organizations.

d Filtered by The filter used to display information in the table. If you are viewing deactivated organizations, click the X to remove that filter and display active organizations.
e Name The organization's name.
f Status The organization's status: Active or Deactivated. Deactivated organizations are hidden by default. Click Filter to view the organizations listed in the table by status.
g Users The number of active users in the organization. Click the value in the column to view the list of users. 
h Insider risk agents

The number of devices in the organization with the insider risk agent installed. Click the value in the column to view the list of agents. 

If you have backup agents, they appear in a separate column.

i Expand expand_icon_2021-06-18.png Click to expand a parent organization to view its child organizations. 
j View organization details details_chevron_2020-05-28.png Click to open the organization's details to view more information, such as the authentication or proxy methods the organization uses and which exfiltration vectors are being monitored in that organization.
k Collapse collapse_icon_2021-06-28.png Click to collapse the list of child organizations. 

Create an organization

You can add a new organization from either the Organizations table or from an organization's detail screen.

  1. Select how to add the new organization:
    • On the Organizations table, click Create Organization.
    • On an organization's detail screen, select Actions > Add child organization
  2. Enter a name for the new organization.
    Names must contain at least 3 characters, to a maximum of 220 characters.
  3. If you're creating a new organization from the Organizations screen, select the new organization's parent organization.
    By default, new organizations are created as children of your top-level organization, but you can select a different parent organization if needed. When you add an organization using the Actions menu on an organization's detail screen, the new organization is automatically created as a child of that existing organization.
  4. Click Create.

Filter the Organizations table

By default, the Organizations table automatically lists only active organizations. To change the view:

  1. Click Filter filter_icon__1_.png.
  2. Select the Status of the organizations that you want to view: Active or Deactivated.
  3. Click Apply.
    The table changes to show the organizations with the status you selected.

CSV export

Export the current list of organizations to a CSV file by clicking Export

Field Description
orgId Identification number for the organization.
parentOrgId Identification number for the parent organization.

orgName

Name of the organization.
registrationKey Registration Key for this organization.
status Organization is active or blocked.
active TRUE: Active
FALSE: Blocked
blocked TRUE: Blocked
FALSE: Not blocked
computerCount Number of devices registered to users in this organization.
backupDeviceCount Number of devices using the Code42 agent.

shareDeviceCount

Deprecated.
planCount Number of plans under this organization.

warningCount

Number of warning alerts for this organization. A warning alert happens when a device has not backed up to any destination for longer than the number of days defined in the Organization's Settings

criticalCount

Number of critical alerts for this organization. A critical alert happens when a device has not backed up to any destination for longer than the number of days defined in the Organization's Settings.

targetComputerGuid

Globally Unique IDentifier for the device used for computer-to-computer back up.
targetDestinationGuid The globally unique identifier of the destination.

selectedFiles

Total number of files selected for backup.

selectedBytes

Total number of bytes selected for backup.

todoBytes

Total bytes of data remaining to back up.

todoFiles

Total number files remaining to back up.

archiveBytes

Total bytes the archive occupies on disk.

orgGuid Globally unique identifier of the organization.
parentOrgGuid Globally unique identifier of the parent organization.
orgUid The UID (unique ID) of the organization.
parentOrgUid The UID (unique ID) of the parent organization.
orgExtRef

Optional external reference information, such as a serial number, asset tag, employee ID, or help desk issue ID.

notes

View organization details

Click any row in the Organizations table to view more information about that organization.

The options that appear in organization details vary, depending on what agent types are available in your Code42 environment. 

alt

Item Description
a

Organization name

The name of the organization. 

If the organization is a child of another organization, the parent organization's name is listed. Click the link to open the details for that parent organization.

b Organization status The organization's status: Active or Deactivated
c Child organizations The number of child organizations assigned to this parent organization. Click the total to view this organization's child organizations. Deactivated child organizations are not included in this total.
d Users The number of active users in the organization. Click the total to view a list of this organization's users.
e

Agents

The total number of agents in the organization, followed by separate counts for insider risk agents, backup agents, and legacy agents. Click a value to view the list of agents. 

f Actions

Select the action you want to take on the organization from the menu:

  • Edit organization name
    When the Edit organization name panel opens, change the organization's name and then click Save.
  • Add user
    Not available for deactivated organizations.
  • Add child organization
    Not available for deactivated organizations.
  • Change parent organization1
    Not available for the top-level or deactivated organizations. When the Change parent organization panel opens, select the new parent to use for this organization and then click Save.
  • Activate / Deactivate
    Not available for the top-level organization. When the confirmation message appears, click Activate or Deactivate to complete the action. For more information, see Block, deauthorize, and deactivate.

The following actions only appear if you are licensed for backup: 

  • Edit organization info
    Edit organization settings including quotas, reporting and security.
  • Device backup defaults 
    Edit default device backup settings for this organization.
  • Upgrade Clients 
    Update the Code42 agent on all devices in this organization to the most recent available version. This does not affect child organizations.
  • Email backup report 
    Email a backup report for a specified period to email addresses of your choice.
g Registration key

The registration key for this organization.

h Date created

The date the organization was created.

i

Restores

Displays the number of restores that have occurred in this organization. Click to view the restore history in detail.

Backup agent only

j Cold storage

Displays the cold storage used by this organization. Click to view the cold storage use in detail.

Backup agent only

k Authentication

Identifies the authentication provider and local two-factor authentication settings (if any) that control how users are authenticated. (You can also manage an organization's authentication provider settings from Identity Management.) 

Authentication provider

This section identifies the method the organization uses to authenticate users as well as the identity management provider your organization uses.

  • Local: Users authenticate against the local Code42 platform directory.

  • SSO: Users authenticate against the specified Authentication provider.

For more information, see Configure an organization's authentication provider settings.

Local two-factor authentication

Defines two-factor authentication requirements for local administrative users that log into the Code42 console.

  • Enabled: Requires affected users (see details below) to configure two-factor authentication (Google Authenticator is our recommended application). Users must then provide a one-time authentication code in addition to their Code42 username and password to access the Code42 console.
  • Disabled: Locally authenticated users are only required to provide their Code42 username and password to access the Code42 console.

Affected users:

  • If this organization integrates with a dedicated identity provider, this setting only applies to local users. Typically, this is a very limited number of administrator accounts reserved for troubleshooting your authentication provider.
  • If this organization only uses Local authentication (as selected in the Authentication provider section above), this setting applies to all users.
  • This setting does not apply to:
    • The Code42 agent
    • Any existing multi-factor authentication requirements managed by your external identity provider

For more information, see Two-factor authentication for local users

l

Insider risk

Includes settings for:

m

Preservation

Displays storage statistics and current device backup settings. To change these settings, see Configure device backup settings

Backup agent only

n

Reference

External Reference: Provides a Notes field for you to enter optional external reference information such as a serial number, asset tag, employee ID, or help desk issue ID.

For organizations with backup agents, changing organizations can affect backups. If users are moved to a different organization, it could affect their backup. For example:

  •  Different destinations offered: If the new organization does not offer the same destinations as the user's previous organization, any of the user's data from destinations that are no longer offered are put in to cold storage. Data in cold storage is deleted according to your cold storage retention policy. 
  • Frequency and version settings: Any differences in the new organization's frequency and version settings are applied to the backup archive after the user device connects to the Code42 cloud. Depending on the new organization's frequency and version settings, some data could be removed.
  • Auto-start backups: If the new organization has any destinations configured to auto-start, the Code42 agent begins backing up to those destinations immediately. Destinations that are not configured to auto-start appear in the Code42 agent for the user to select.

Edit organization info

Backup agent only

From organization details, select Actions > Edit organization info to access settings for quotas, reporting, and security. Each section is explained in detail below.

Quotas

To change quota settings, you must have a role with administrative rights to the organization's parent organization, such as the Cross Org Admin role.

Organization settings Quotas

Item Description
a Name Sets the name of this organization.
b Inherit quota settings from parent

Configures the organization to take on the quota settings of the organization defaults (system-wide organizations) or its parent organization. When enabled, settings must be edited at the organization default or parent organization level.

c Maximum user subscriptions

Sets the maximum number of user subscriptions allowed for this organization.

  • All user accounts with a backup archive contribute toward the quota.
  • Moving users in and out of organizations can cause an organization to be over the quota.
  • No child organization can have a higher quota than a parent organization.
  • Changing the quota on a parent organization does not change the quota on child organizations, unless the children inherit the quota from the parent.
d Move deactivated archives to cold storage for Allows you to set and view the cold storage period. After this period expires, the archives are deleted from the file system.
e Web restore limit 1

Amount of data that users are allowed to restore in a zip file restore session.

  • This does not apply to device restores.
  • A value of 0 MB disables web restores for users.
  • Select Unlimited to set no web restore limit.2
f Web restore limit for Org Manager Role 1

Amount of data that administrators are allowed to restore in a zip file restore session.

  • Applies to administrators with the Org Manager, Cross Org Manager, Org Admin, or Cross Org Admin role.
  • This setting does not apply to device restores.
  • Select Unlimited to set no web restore limit.

Zip file restores are not available in the Code42 federal environment. Instead, use the device restore feature to restore files to a device.

2 The default restore limit for zip files is 250 MB. Even though this limit can be adjusted, zip files have their own inherent size limitations. Our Technical Support Engineers typically see that file selections larger than 1 GB fail. Web restores are useful for quick, small downloads in emergency situations, or when other restore methods are not available. Large restores should be done through the Code42 agent or using the device restore feature.

Reporting

Organization settings Reporting

Item Description
a Name Sets the name of this organization.
b Inherited reporting settings from parent

Configures the organization to take on the reporting settings of the organization defaults (system-wide organizations) or its parent organization. When enabled, settings must be edited at the organization default or parent organization level.

c Send backup report

Enables or disables sending backup reports to org admins for this organization. Choose which days of the week you'd like to receive reports.

To customize the backup status report email, see Customize email templates.

d Recipients

Displays currently configured report recipients. For new customers, the first administrator is a recipient by default. To start or stop emails to other users, add or delete addresses from the next field, Additional recipients.

e Additional recipients Allows you to add or delete report recipients.
f Warning

Configures the alert threshold for warning notifications. Devices that have not backed up to any destination for longer than the defined number of days are included on warning alert emails.

For directions on how to customize the warning backup alert email sent to users, see Customize email templates.

g Critical

Configures the alert threshold for critical notifications. Devices that have not backed up to any destination for longer than the defined number of days are included on critical alert emails.

For directions on how to customize the critical backup alert email sent to users, see Customize email templates.

Security

Organization settings Security

Item Description
a Name Sets the name of this organization.
b Web restores 

Sets whether users can restore files from the Code42 console using the zip file web restore method:

  • Enabled: Users in the organization can perform zip file web restores.
  • Disabled: Users in the organization cannot perform zip file web restores.
    Zip file web restores are not available in the Code42 federal environment.

The setting only applies to the zip file web restore type; it does not apply to the device web restore type. It may take up to a day before all users in the organization are updated with the new setting. 

To change the setting, administrators must have the Customer Cloud Admin role. Clicking the Lock button prevents administrators in child organizations from changing the setting.

Increased security
Disable zip file web restores to limit file exfiltration potential by preventing users from downloading data in a browser and the decryption of archive data by the Code42 server system. This secures user data from access by administrators.

Zip file web restores must be disabled for NIST 800-171 compliance
c Client Visibility

Configures Code42 backup agent visibility on user devices.

  • Visible: Allows users to see and interact with the Code42 agent.
  • Hidden: Hides most user-facing elements of the Code42 agent on the device. For example, the Code42 agent does not appear in the Start Menu and Add/Remove Programs (Windows) or the Dock (Mac).

    Setting the visibility to Hidden does not uninstall any Code42 components. Security monitoring and file backups continue to run in the background. 

    See Show or hide the backup agent on user devices for more details.

Device backup defaults

Backup agent only

To change device backup defaults, from Actions, choose Device backup defaults

Select from the tabs to configure specific settings:

  • General: Specify client settings related to CPU power and bandwidth allocation, device backup alert thresholds, and file exclusions.
  • Backup: Define how and when backup operations take place, what files to include and exclude from backup, the frequency of backup, and how long to retain file versions. 
  • Reporting: Specify when and what reports are sent and to whom.
  • Security: Set the default encryption key policy. After the encryption policy is elevated, upgraded Code42 environments can never downgrade their policy.
  • Network: Control connection performance settings for WAN and LAN networks, exclude wireless networks, exclude network interfaces, or configure proxy settings.

Device_backup_default_settings_2-17-2023.png

Device defaults from parent
Enable Use device defaults from parent to make this organization use the device backup default settings from the parent (or root) organization. Disable to stop inheritance and allow changes to the device default settings for this organization. All organizations have the same settings options as the root organization, which appear in Set device defaults.

Cold Storage

Backup agent only

From the organization details, click the Cold Storage value to view a list of the organization's archives currently in cold storage.

Cold_Storage_details

Item Description
a Export  Exports a list of archives to a CSV file.
b Select all

Selects all the organization's archives in cold storage.

Select one or more archives to: 

  • Change purge date: Changes the date when the selected archives will be completely removed from the store point's file system on a server in the Code42 cloud
  • Purge archives: Permanently removes the selected archives from the store point's file system on a server in the Code42 cloud. 
c Type

Indicates the archive type.

  • Backup: Archives that contain backup data.
  • Security: Archives that contain security events as a result of enabling endpoint monitoring.
d Archive GUID Globally unique identifier of the archive.
e Organization Organization where the archive resides.
f User User that owns the archive.
g Device Name

Name of the device that owns the backup archive.


Security archives display Not Available because more than one device can be associated with a security archive.

h Hostname

The host name of the device where the backup archive resides in the Code42 cloud, as reported by the computer's operating system.

Security archives display Not Available because more than one device can be associated with a security archive.

i Store point Store point on a server in the Code42 cloud where the archive resides.
j Size Amount of space consumed by the archive.
k Purge Date Date when the archive is removed from cold storage.
CSV export

Export all visible archives in the cold storage list to a CSV file by selecting Export. If no archive is selected, all archives in the list are exported. The following attributes are exported to the CSV file.

Field Description
archiveGuid Globally unique identifier for the archive.
id Identification number of the archive.
archiveBytes Total size of files selected for back up and sync.
archiveType

Indicates the archive type.

sourceUserId The ID of the user associated with this archive.

sourceUserUsername

User name for the user associated with this archive.
sourceUserFirstName First name of the user associated with the archive.
sourceUserLastName Last name of the user associated with the archive.
sourceUserEmail Email for the user associated with the archive.
sourceComputerId An identification number for the device associated with the archive.
sourceComputerName Name of the device associated with the archive.

sourceComputerOsHostname

The name of the computer where the archive resides in the Code42 cloud as reported by the computer's operating system. 
sourceComputerService Indicates the app associated with the archive.
purgeDate Date when the archive is removed from cold storage
orgId Identification number of the organization where the archive resides.
orgName Name of the organization where the archive resides.
storePointId Identification number of the store point on a server in the Code42 cloud where the archive resides.
storePointName Name of the store point on a server in the Code42 cloud where the archive resides.
serverName Name of the server in the Code42 cloud associated with the store point.

Restore history

Backup agent only

View the restore history by selecting an organization, then clicking the number of restores. These details are restricted by role: you can view only the restore history to which you have access based on your role permissions.

Backup_Restore_History

Item Description
a Export Exports (as CSV) the restore information.
b Operating System Displays the operating system of the device that received the restored data.
c User User whose data was restored. A red warning icon Warning_Icon.png will appear if another user initiated the restore (via restoring from the Code42 console, for example).
d Restore To Device that received the restored data.
e # Files Number of files that were restored.
f Size Total size of the restored files.
g Transfer rate Speed of the file restoration.
h Restore date Date and time the restoration occurred.
i Duration Total time taken to restore the files.