> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Code42

> Connect Code42 (Incydr) to import insider risk alerts and user data.

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="Code42 (Incydr)" recommendDelegated={true} />

## What Living Security needs

| Credential            | Description                                          |
| --------------------- | ---------------------------------------------------- |
| **Client ID**         | The identifier for an Incydr API Client              |
| **Client secret**     | The secret associated with that API Client           |
| **Regional API host** | The API gateway hostname for your Code42 environment |

**Scopes:** Read access to Alerts and Users

**Required role:** **Customer Cloud Admin** or **Security Center User** with API Client management permissions

### Prerequisites

* You must be signed in to the Code42 console with a role that has permission to manage API Clients.

***

## Part A — In Code42

*Your Code42 administrator completes these steps.*

<Steps>
  <Step title="Navigate to API Client Management">
    1. Sign in to your Code42 console (e.g., `console.us.code42.com`).
    2. In the left navigation, click **Settings**, then select **API Clients**.
  </Step>

  <Step title="Create an API Client">
    1. Click **Add new API Client**.
    2. Enter a descriptive name (e.g., `Living Security Platform`).
    3. Select the access level that grants read access to **Alerts** and **Users**:

    | Data stream                          | Required access |
    | ------------------------------------ | --------------- |
    | Alerts (insider risk alerts)         | Read            |
    | Users (monitored employee directory) | Read            |

    In most deployments, the **Security Center User** role or equivalent read-only role is sufficient.

    4. Click **Create**.

    <Note>
      Grant only the access level needed for read operations. Administrative or write-level permissions are not required.
    </Note>
  </Step>

  <Step title="Identify your regional API host">
    Match your Code42 console URL to the corresponding API host:

    | Console URL              | Regional API host    |
    | ------------------------ | -------------------- |
    | `console.us.code42.com`  | `api.us.code42.com`  |
    | `console.us2.code42.com` | `api.us2.code42.com` |
    | `console.ie.code42.com`  | `api.ie.code42.com`  |
    | `console.gov.code42.com` | `api.gov.code42.com` |

    Enter the **host only** — no `https://` prefix and no trailing slash.
  </Step>

  <Step title="Copy and save your credentials">
    Copy the **Client ID** and **Client secret** values and store them securely.

    <Warning>
      The Code42 console displays the **Client secret only once** at creation time. If you navigate away without copying it, you must delete the API Client and create a new one.
    </Warning>
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="Code42">
    | Field                 | Value                                                    |
    | --------------------- | -------------------------------------------------------- |
    | **API Key**           | The client secret from Part A, Step 4                    |
    | **Regional API host** | The host from Part A, Step 3 (e.g., `api.us.code42.com`) |

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/code42/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=15ffa4068082f49ca61e6e3816312298" alt="Living Security connect dialog for Code42" style={{maxWidth: "450px"}} width="576" height="432" data-path="integrations/images/code42/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to Code42.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    The Client secret may have been rotated, deleted, or expired. Create a new API Client, copy the new credentials, and reconnect the integration.
  </Accordion>

  <Accordion title="403 Forbidden">
    The API Client lacks read access to Alerts or Users. Create a new API Client with the **Security Center User** role or equivalent read permissions.
  </Accordion>

  <Accordion title="Wrong regional API host">
    Using the wrong host causes authentication to fail. Verify:

    * US accounts use `api.us.code42.com` or `api.us2.code42.com`
    * EU accounts use `api.ie.code42.com`
    * Gov accounts use `api.gov.code42.com`
  </Accordion>

  <Accordion title="Missing Client ID field">
    The connection dialog's **API Key** field accepts the client secret. The Client ID is handled internally during OAuth2 token exchange.
  </Accordion>
</AccordionGroup>
