Single mode -vs- Multi-user mode installation

  • 21 September 2021
  • 4 replies

Userlevel 2
Badge +13

Hello all, 


I wanted to see if anyone had any use-case, pros/cons, intentetc information in terms of client installations. Beyond "Optional parameter. Use this parameter when installing in a multi-user system", I've been unable to find any additional information or context. 


For reference, when we deploy the client or provision devices, the Netskope client MSI is installed with a mode=peruserconfig parameter. While our devices can be used by any user in our environment with appropriate access, there are next to no devices that are intended to be regularly used by multiple users. 


I just wanted to reach out and see what your experiences have been. 

4 replies

Userlevel 4
Badge +14

You are using/installing it correctly.  The peruserconfig mode is both for devices that can be used by multiple different users - either concurrently or not.


The way it works is that for regular mode, the Netskope client installs one device-wide configuration based on the identity of the user that ran the install or used IDP to authenticate - and that identity remains the same regardless of what account is logged into the endpoint.  With peruserconfig mode, each user account gets it's own unique configuration so that each unique user's identity is used when connecting to Netskope.


Userlevel 2
Badge +13

Makes sense. In that regard, how do you all effectively review the "Client Status" on devices in which multiple users have logged in?


It's been my experience when I'm in Settings>Security Cloud Platform>Devices that:

  • multi-user systems have a client status of "Multiple Statuses"
  • depending on what user you select, you may get an Enabled or Disabled status

It's tedious at times to determine the primary/current user to see if there's an issue with the current state of the client.

Badge +4

Personally I think the default install should always be Multi User Mode (mode=peruserconfig). Even if only one user will be using the device for the most part there is really no disadvantage to multi user install and if someone else were to ever logon to the laptop it will then log traffic and more importantly apply the correct policies based on the logged on user. If the default install mode is used and a laptop is reissued to someone else or someone else logs in for whatever reason they are going to be getting the policies from whoever the very first person to logon to the machine is. 

Badge +12

I agree, peruserconfig should be the default for managed devices.