Agent Deployment

Agent Deployment allows to control the distribution of the Harmony Connect Agent:

• Distribute different versions of the agent to different user and device groups. For example, when a new agent version is released, you can test the agent with a selected group of users.

• Automatically upgrade agents to the latest or recommended version.

Note: You can use the Agent Deployment Manager role to provide write access only to the Agent Deployment and read-only access to all the other pages.

Creating a New Agent Deployment Rule

Notes - To download and deploy the Harmony Connect Agent manually, click Download Agent and follow the instructions in the sk. macOS agent can only be downgraded manually. Only Identity Providers with Directory Synchronization Services (DSS) is supported.

1. Go to Settings > Agent Deployment.

   The Agent Deployment page appears.

   

   Note - Default settings for the entire organization is the default rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.. It ensures that a minimum version of the agent is installed for all users and devices. You cannot delete the rule, however, you can edit the Name, Agent for Windows and Agent for Mac. It is always placed last in the table.

2. By default, the Automatic agent deployments toggle button is turned on for new tenants. To disable automatic agent deployment, turn off the toggle button.

   Note - If you have disabled the feature on existing tenants by contacting Check Point Customer Support, then the toggle button is turned off by default.

3. Click to add a rule before the default rule.

   A new row appears in the table.

4. In the Name column, enter a name for the rule. For example, Version 1.3.4 to R&D.

5. In the Apply to column, click :

   1. To apply the rule to users and groups, select Users and Groups.

      

      1. Click New.

      2. Select Group to add a new user group, or select User to add a new user.

      3. In the Name field, enter the name of the user or group.

      4. In the User Name field, the unique identifier of the user in the Identity Provider.

         Note - This option is available only when you are adding a new user.

      5. In the Group Identifier field, enter the group identifier.

         Note - This option is available only when you are adding a new user group.

      6. Select the Identity Provider from the list.

      7. (Optional) In the Comments field, enter comments.

      8. Click Add.

         The new user group or user is added to the list.

      9. Select the user group or user and click Add.

   2. To apply the rule to a specific agent, select New Client ID.

      

      1. Enter Client ID and click Validate.

         Note - To get the client ID, in the Harmony Connect Agent, click Settings.

      2. In the Nickname field, enter the name of the user.

      3. Click Add. 

6. In the Agent for Windows column, select a version for Windows.

7. In the Agent for Mac column, select a version for macOS.

   Note - If you select Automatic deploy recommended or Automatic deploy latest, the system automatically upgrades the agent when the user logs into the device or exits the agent. Optionally, the user can manually upgrade the agent. For more information, see Harmony Connect Agent User Guide.

8. Click Save Changes.

The system deploys the agent version to all the endpoints specified in the rule.

Order of Agent Deployment Rules

The order (sequence) of rules determines the priority of rule. For example, when a user or device is associated with multiple rules, the rule positioned higher in the order takes precedence.

To change the order, drag and drop the rule.

Verifying the Agent Deployment

1. Go to Assets > Devices.

2. Check the version in the Version column.