This article outlines all available parameters that can be used during the installation and deployment of the SecureEdge Access Agent.
The installation and deployment of the SecureEdge Access Agent can be parameterized for optimal efficiency. This is especially useful for large-scale deployments or when using the Unattended Enrollment feature for Certificate-Based Enrollment or Token-Based Enrollment.
For mobile operating system platforms, all parameters are available through a managed app configuration. This allows administrators to easily configure settings using a Mobile Device Management (MDM) solution.
The installation and configuration parameters for managed applications currently supported by the SecureEdge Access Agent on various platforms are detailed below:
Windows
On Windows, Microsoft Installer (MSI) properties can be used to parameterize the Agent installation process:
MSI Property Name | Example Value(s) | Description |
|---|---|---|
TENANT_DOMAIN | empty (default) | Specifies the globally unique domain designated for Unattended Enrollment. This field can be left empty if Unattended Enrollment is not used. |
TENANT_TOKEN | empty (default) e0afa1e4bbe442ae822b91cd2ebd288d5d9ad31af2d54308b3e01e5d2d3d9cdc | Specifies the enrollment token designated for token-based Unattended Enrollment. This field should be left empty for certificate-based Unattended Enrollment or if Unattended Enrollment is not used at all. |
USER_IDENTITY | empty (default) | Specifies the device owner’s User Principal Name (UPN) for token-based Unattended Enrollment. Only use in conjunction with TENANT_TOKEN. Otherwise, leave empty. |
DEFAULT_ENROLL_ENDPOINT | cloudgenwan-ztna.cudasvc.com (default) | Allows use of an alternative endpoint for device enrollment. This field should be left empty for Production deployments. |
TPM_MODE | “auto” (default) | Specifies the TPM operation mode. This field should not be changed unless instructed by Barracuda Technical Support to do so. |
DEVICE_SCOPE | 0 (default) 1 | When enabled, the Agent will share a single enrollment across all local user accounts (e.g., for shared devices). In addition, Device Protection will be automatically enabled after system startup, even before a user logs into Windows. |
Example command for installation:
SecureEdgeAgent.msi TENANT_DOMAIN="acme.se.barracudanetworks.com"Linux
Configuration parameters must be specified in a JSON-based configuration file that is stored in /opt/secureedge/config.json
JSON Key | Example Value(s) | Description |
|---|---|---|
tenant_domain | empty (default) | Specifies the globally unique domain designated for Unattended Enrollment. This field can be left empty if Unattended Enrollment is not used. |
tenant_token | empty (default) e0afa1e4bbe442ae822b91cd2ebd288d5d9ad31af2d54308b3e01e5d2d3d9cdc | Specifies the enrollment token designated for token-based Unattended Enrollment. This field should be left empty for certificate-based Unattended Enrollment or if Unattended Enrollment is not used at all. |
user_identity | empty (default) | Specifies the device owner’s User Principal Name (UPN) for token-based Unattended Enrollment. Only use in conjunction with TENANT_TOKEN. Otherwise, leave empty. |
default_enroll_endpoint | cloudgenwan-ztna.cudasvc.com (default) | Allows use of an alternative endpoint for device enrollment. This field should be left empty for Production deployments. |
tpm_mode | “auto” (default) | Specifies the TPM operation mode. This field should not be changed unless instructed by Barracuda Technical Support to do so. |
Example configuration file:
{
"tenant_domain" : "acme.se.barracudanetworks.com"
}macOS
Configuration parameters must be specified in a Preference file using a Preference Domain Name of “com.barracuda.guardian.macos”.
Parameter Name | Example Value(s) | Description |
|---|---|---|
TENANT_DOMAIN | empty (default) | Specifies the globally unique domain designated for Unattended Enrollment. This field can be left empty if Unattended Enrollment is not used. |
TENANT_TOKEN | empty (default) e0afa1e4bbe442ae822b91cd2ebd288d5d9ad31af2d54308b3e01e5d2d3d9cdc | Specifies the enrollment token designated for token-based Unattended Enrollment. This field should be left empty for certificate-based Unattended Enrollment or if Unattended Enrollment is not used at all. |
USER_IDENTITY | empty (default) | Specifies the device owner’s User Principal Name (UPN) for token-based Unattended Enrollment. Only use in conjunction with TENANT_TOKEN. Otherwise, leave empty. |
DEFAULT_ENROLL_ENDPOINT | cloudgenwan-ztna.cudasvc.com (default) | Allows use of an alternative endpoint for device enrollment. This field should be left empty for Production deployments. |
TPM_MODE | “auto” (default) | Specifies the TPM operation mode. This field should not be changed unless instructed by Barracuda Technical Support to do so. |
Example Preference file:
<key>TENANT_DOMAIN</key>
<string>acme.se.barracudanetworks.com</string>Android
Configuration parameters must be specified as part of the Managed App Config.
Property Name | Example Value(s) | Description |
|---|---|---|
Tenant Domain | empty (default) | Specifies the globally unique domain designated for Unattended Enrollment. This field can be left empty if Unattended Enrollment is not used. |
Certificate Alias | empty (default) | Specifies the Certificate Alias used for certificate-based Unattended Enrollment. If the certificate alias is left empty, the end user will be prompted to select an enrollment certificate during initial startup of the application. This field should be left empty if using token-based unattended enrollment or if not using unattended enrollment at all. |
Tenant Token | empty (default) e0afa1e4bbe442ae822b91cd2ebd288d5d9ad31af2d54308b3e01e5d2d3d9cdc | Specifies the enrollment token designated for token-based Unattended Enrollment. This field should be left empty for certificate-based Unattended Enrollment or if Unattended Enrollment is not used at all. |
User Identity | empty (default) | Specifies the device owner’s User Principal Name (UPN) for token-based Unattended Enrollment. Only use in conjunction with TENANT_TOKEN. Otherwise, leave empty. |
Default Enrollment Endpoint | cloudgenwan-ztna.cudasvc.com (default) | Allows use of an alternative endpoint for device enrollment. This field should be left empty for Production deployments. |
TPM Operation Mode | “auto” (default) | Specifies the TPM operation mode. This field should not be changed unless instructed by Barracuda Technical Support to do so. |
iOS
Configuration parameters must be specified as part of the Managed App Config.
Configuration Key | Example Value(s) | Description |
|---|---|---|
TENANT_DOMAIN | empty (default) | Specifies the globally unique domain designated for Unattended Enrollment. This field can be left empty if Unattended Enrollment is not used. |
TENANT_TOKEN | empty (default) e0afa1e4bbe442ae822b91cd2ebd288d5d9ad31af2d54308b3e01e5d2d3d9cdc | Specifies the enrollment token designated for token-based Unattended Enrollment. This field should be left empty for certificate-based Unattended Enrollment or if Unattended Enrollment is not used at all. |
USER_IDENTITY | empty (default) | Specifies the device owner’s User Principal Name (UPN) for token-based Unattended Enrollment. Only use in conjunction with TENANT_TOKEN. Otherwise, leave empty. |
DEFAULT_ENROLL_ENDPOINT | cloudgenwan-ztna.cudasvc.com (default) | Allows use of an alternative endpoint for device enrollment. This field should be left empty for Production deployments. |
TPM_MODE | “auto” (default) | Specifies the TPM operation mode. This field should not be changed unless instructed by Barracuda Technical Support to do so. |