Skip to main content

Conditional Policy for URL Input Field

The conditional policy for the URL input field is a feature that allows for detailed management of access rights and isolation security policies for the created URL input field. Access can be controlled based on conditions such as members, location, and time, and various security policies can be applied.

Table of Contents

  • Basic
    • Basic Screen Configuration
    • Policy Search
    • Policy Application Status Inquiry
    • Get Policy
  • Policy Settings
    • Add Policy
    • Policy Basic Information - Policy Name, Members, Target
    • Condition - Location, Time
    • Execution Policy - Access Policy, Additional Authentication
    • Isolation Security Policy - Keyboard, Files, Clipboard, Session, Context Menu, etc.
    • Policy Configuration Management
    • Policy Application Priority
    • Download Policy Status
    • Management of Default Execution Policy

Basic Screen Configuration

The conditional policy screen is composed as follows:

  • Conditional Policy Tab: A tab where you can apply conditional policies to apps created in Home
  • Priority: Display policy priorities (the smaller the number, the higher the priority)
  • Add Policy: Top left of the**[➕ Add Policy]**Create a new policy with the button
  • Search: Policy name, members, target URL/category, usage status, and various other conditions can be searched.
  • Policy Application Status Inquiry: Policy List Top Button Bar**[Policy Application Status Inquiry]**Check the application history by policy and the non-applied policies with the button.

You can search for policies based on various criteria, including not only the policy name but also members, target URL·category, conditions, enforcement policies, and usage status.

FilterSearch MethodExplanation
Policy NameIncluded SearchSearch for policy names that include keywords
MembersInclude search + dropdown selectionUser (Name·Email), Group, Department Search, Assignment/Exception Distinction Selection, Multiple Selection Available
Target - URLIncluded Search + Dropdown SelectionSearch by registered URL name and address, all URL fixed values can be selected, multiple selections are possible.
Target - CategoryDropdown SelectionSearch by registered web category name
UsageDropdown SelectionUse / Not Use Selection
conditionInclude search + dropdown selectionSearch by location (IP), time, device conditions, multiple selections available
Execution PolicyDropdown SelectionAccess Allow/Deny, Isolation Security Policy (All Allowed/Restricted Use), Additional Authentication Method Selection, Multiple Selections Possible

Target Search Details

URL Search: Enter the name or address of the registered URL, and a list will be displayed below with inclusion search. All URLs are fixed at the bottom of the dropdown and will only be included in the search results if directly selected. If searching for a specific URL, only the policies directly set for that URL will be searched, and all URL policies will not be included.

Category Search: Select a web category from the dropdown. Individual URLs belonging to the category are excluded from the search targets.

Member Search Details

When you enter a name or email in the search box, results will be displayed in a real-time dropdown. You can select the Assignments / Exceptions tab to search by distinguishing between cases that are assigned to the policy and those that have been handled as exceptions. All members are fixed at the bottom of the dropdown and will only be included in the search results if selected directly.

Detailed Condition Search

  • Location: Search by entering an unrestricted location name or a registered location name. The results are displayed in the format location name | IP range.
  • Time: Search by entering an unlimited time or a registered time name. The results will be displayed in the format of time name | time range.
  • Device: Select from all devices, Desktop, Tablet, Mobile.

Execution Policy Search Details

  • Access Policy: Allow Access / Deny Access Selection
  • Isolation Security Policy: Allow All / Select Limited Use
  • Additional authentication methods: None / Email verification / OTP verification / Passkey (WebAuthn) verification selection (applies only to access permission policies)

Search Condition Combination Rules

  • Between filters (AND condition): If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • Filter within (OR condition): When multiple items are selected within the same filter, any policy that matches at least one will be displayed.

Each set condition is displayed in tag form, and individual conditions can be removed using the × button on the tag.

⚠️ Priority changes are not possible when search filters are applied. To change the priority, please clear all search filters.

Policy Application Status Inquiry

At the top of the policy list**[Policy Application Status Inquiry]**Clicking the button opens a modal where you can view the application history of conditional policies and the policies not applied by period.

Modal Configuration

areaContent
Query Period[Start Date] ~ [End Date] Calendar Selection
tabApplied Policies / Unapplied Policies
DownloadDownload Excel of the search results using the button in the upper right corner [↓]

Applied Policies Tab

Displays the list of policies that have been actually applied (heating) to users during the specified period.

columnExplanation
PriorityCurrent priority number of the policy
Policy NamePolicy Name (click to move to the edit details screen)
ExplanationPolicy Description
Policy Usage StatusCurrently in use / Not in use status
Application Count ↑↓Number of times the policy was applied during the inquiry period (thousand unit comma display, sortable)
Recent application date ↑↓Most Recent Date Policy Applied Within the Query Period (Sortable)

💡 When sorting the application frequency in ascending order, you can quickly identify policies with low usage at the top.

Unapplied Policy Tab

Displays the list of policies that have not been applied (heated) even once during the specified period.

💡 By periodically checking for unimplemented policies and organizing unnecessary policies, you can reduce the complexity of policy management and optimize the security environment.

Get Policy

You can import a backup of the conditional policy from a JSON file (single policy) or a ZIP file (multiple policies) to register it.

  • Download: Item checkbox check > Click the [Download Policy] button in the top button bar
    • When selecting 1: Download JSON file
    • When selecting more than 2: Download as a ZIP file.
  • import: Click the [Get Policy] button to select and register the backed-up JSON file or ZIP file.

➕ Add Policy

Clicking **[➕ Add Policy]** will take you to the new conditional policy page, where you can set the following items:

  • Policy Basic Information
  • condition
  • Execution Policy
  • Settings

📌 Policy Basic Information

Policy Name

  • Name (required): Up to 20 characters can be entered
  • Description (optional): Up to 200 characters can be entered.

Members

Set users or groups to be included or excluded from this conditional policy as members.

  • allocation
    • All users: Apply policy to all users
    • Select user or group: Search for and select a specific user or group
  • Exclusion
    • Specify users or groups to exclude from the policy
    • Excluded members are not subject to the policy regardless of allocation.
    • The 'All Users' option cannot be used in the exclusion items.

target

Select which target to apply this conditional policy to.

All sites accessed through the address bar

Applies policies to all websites accessed through the URL input field. Used for basic policy settings such as block all or allow all.

Usage Example:

  • Create a site-wide blocking policy (set priority low)
  • Specific sites that are allowed are created with separate policies (set with high priority)

Registered Sites/Groups(Displayed only when selecting the target directly)

Select individual sites or groups registered in the URL list. Use this when you want to apply policies to specific sites only.

Setting Method: Click 'Select the sites registered in the address bar' → Select the desired site/group

Web Category(Displayed only when selecting the target directly)

Policies are applied at the category level. It is efficient when applying uniform policies to sites of the same nature.

Setting Method: Click 'Select Web Category' → Choose the desired category (e.g., Games, Entertainment, Business, Academic Information, etc.)

Characteristics of Web Categories

Policies will be automatically applied to all sites belonging to the category without having to register individual URLs one by one. After that, the administratorBusiness System > CategoryIf you change the category of a specific domain in the menu, it will be immediately reflected in the conditional policies targeting that category.

divisionRegistered Sites/GroupsWeb Category
Scope of ApplicationOnly registered URLs will be appliedAutomatically Apply to All Categories
When adding a new siteNeed to add directly to the policyAutomatically applied once category classification is done
suitable caseIndividual Control of Specific SitesBatch Control of Sites with the Same Nature

Policy Setting Strategy Example

Scenario 1: Basic Blocking + Selective Allowance

  • Policy A (Priority: 2): Target - All sites accessed via the address bar / Enforcement Policy - Access Blocked
  • Policy B (Priority: 1): Target - Web Category Business, Academic Information / Enforcement Policy - Allow Access

Scenario 2: Differential Control by Category

  • Game/Entertainment Blocking Policy: Target - Web Category Games, Entertainment / Conditions - Working Hours / Enforcement Policy - Access Block
  • Security Threat Continuous Blocking Policy: Target - Web Category Malware Distribution Sites, Phishing Sites / Enforcement Policy - Access Block
  • Work Site Allowance Policy: Target - Web Category Business, Cloud / Execution Policy - Access Allowed

condition

Set conditions such as location and time to be used for policy judgment. Based on the assigned conditions, determine the user's access environment and decide whether to apply the policy.

Location Conditions

  • All Locations(default): Apply policy at all locations without specific location conditions
  • Select Registered Location: Select from the locations registered in the conditions section of the Security365 Management Center.
  • [+Location Registration]: Click to add a new location condition
  • Exception Selection: Use to exclude a specific location among the selected locations.

Time Condition

  • All Time(Default): Always apply policy without specific time limits
  • Select Registered Time: Select from the registered time in the conditions section of the Security365 management center.
  • [+Time Registration]: Click to add a new time condition
  • Exception Selection: Use to exclude a specific time zone from the selected time.

The location and time conditions can be registered/deleted/edited in the [Condition Items] menu of the Security365 Management Center.


Execution Policy

Access Policy

Sets the access permissions for members when they want to access the subject to this conditional policy.

  • Access Denied: Completely block URL access under the given conditions
  • Access Allowed: Allows access to the URL and enables the configuration of additional authentication methods.

Additional authentication methods(Can be set only when access is allowed)

  • Not in use: Accessing the target without additional authentication
  • Email Verification: The authentication code input window appears and the authentication proceeds (time limit: 5 minutes)
  • OTP authentication: Initial registration with QR code and recovery key instructions, proceed with authentication by entering the authentication code after registration.
  • Passkey (WebAuthn) Authentication: A method of additional authentication that verifies the user using passkeys registered on the user's device, such as fingerprints, PINs, and security keys. It provides a higher level of security than email and OTP authentication, allowing for quick access using only biometric authentication without the need to enter an authentication code.
    • ① Display additional authentication modal: When you navigate to the target URL where passkey two-factor authentication is set up, the screen will display at the top.Additional AuthenticationA modal will be displayed. "For secure access, verification is required using a passkey (fingerprint, PIN, security key, etc.)."**[Authenticate]**A button is provided.
      • Passkeys have a higher security requirement than other two-factor authentication methods, so the authentication window must be opened as a popup. This modal is for the user’s**Click (Gesture)**Steps to open a popup to bypass the browser's popup blocker.
    • ② Biometric authentication process: **[Authenticate]**Clicking will open an authentication window (popup) and display the message "Authenticate with security key or biometric program." You will proceed with identity verification using the registered passkey on the device through fingerprint, PIN, or security key on the OS authentication screen such as Windows Security.
    • ③ Access Permission: If authentication is successful, the authentication window will close and access to the target URL will be allowed.

⚠️ If authentication fails, display a notification popup saying "Authentication has failed." Access to the target is not possible.

PAC Environment Reference— In a PAC (Proxy Auto-Configuration) usage environment, if you cancel the additional authentication modal or do not complete the authentication,Additional authentication requiredThe guide page will be displayed. On this page,**[Additional Authentication]**Pressing the button will immediately open the authentication popup without a guidance modal, allowing you to authenticate again. At this time, additional authentication will proceed while being in a blocked URL state, and during the additional authentication phase, the RBI video transmission session will be temporarily disabled and will resume after authentication is completed.

Other Matters— Passkey authentication requires that the passkey (passwordless) credentials for the user identity are pre-registered to function. If the authentication window does not open or if authentication continues to fail, please request SOFTCAMP to check the registration status of the passkey (passwordless) credentials.

Isolation Security Policy

Set policies to control user behavior when accessing the URL. For all behavior control items, you can choose whether to allow or block.

itemExplanation
Keyboard inputWhen blocked: "Key input is prohibited by policy." notification is displayed at the center bottom.
Site NavigationAccess to domains other than the one accessed is not allowed when blocked. When accessing a blocked site, you will be redirected to a page that says "This action is prohibited by policy."
File UploadAllowed file extension restrictions and selection of storage (My PC folder / SHIELDGate folder)
File DownloadWhen blocked, redirect to the "This action is prohibited by policy." guidance page. When allowed, extension restrictions and repository selection are available.
Clipboard AccessIsolated browser ↔ User PC copy/paste directional individual control
Session PersistenceYou can set idle time when activated. The screen will be locked after the idle time elapses.
Screen MarkingDisplay a watermark containing username and email information on the screen when activated.
Print WatermarkDisplay a watermark containing username and email information on the print screen when activated.
Video Conference ModeOptimize video conferencing performance when activated. Unable to use SHIELDGate shortcut feature.
Context MenuControl menu items displayed on right-click of the mouse individually by target.

File Download Repository Details

  • My PC file cabinet: Downloading files to the user's local PC
  • SHIELDGate File Box: Saving files to SHIELDrive storage (storage can be specified)
  • SHIELDViewer: Preview the file by downloading it with SHIELDViewer to view the file.
    • PDF Download: Allow/Block conversion of the original to PDF (Default: Allow)
    • Download Original: Allow/Block Download of Original Document (Default: Block)
    • CDR Download: Allow/Block Download After Decontamination Processing Through CDR (Default: Block)

⚠️ SHIELDGate file cabinet (SHIELDrive storage) usage requires that the member is assigned to the SHIELDrive storage.

Context Menu Detailed Settings

Individually control the menu items to be displayed for each clickable target area with ON/OFF.

areaExplanation
Page Background AreaContext menu displayed when right-clicking on empty space
Text Selection AreaContext menu displayed after right-clicking after dragging text
linkContext menu displayed when right-clicking on a link
imageContext menu displayed when right-clicking on an image
VideoContext menu displayed when right-clicking on the video
AudioContext menu displayed when right-clicking on audio
Input FieldContext menu displayed when right-clicking in the text input field

⚠️ Shortcut Integration: If you set the menu item to OFF, the associated keyboard shortcuts will also be blocked. (e.g.: Print item OFF → Ctrl+P blocked)

Data Security — Input Sensitive Information Inspection

Check for sensitive information (such as regular expressions, etc.) in the text entered by the user,Before the original text is delivered to the siteThis is a custom overlay feature that controls.

Why do we inspect in a separate window (overlay)?SHIELD Gate operates in a Remote Browser Isolation (RBI) environment. When a user types directly on a remote page, the sensitive information is already sent to the remote side at that moment, resulting in "detection after leakage" even if it is inspected and blocked later. Therefore, input is first received in a controlled overlay window for inspection andAllowed input onlyWe will reflect this on the site ("Check at controlled points before inserting"). The separate window that appears is designed to ensure this security boundary.

  • Input Sensitive Information Check(ON/OFF): Turns the inspection on or off for this URL (site).
  • It operates as follows depending on the inspection method.
    • Self-Check (Regular Expression): If you turn the inspection ONRegular Expression Selection(Select from the list registered in sensitive information management, new addition possible) andLog OptionsSets.
      • Log Storage Scope: All cases / Blocked cases only
      • User input content included: Whether to include the text entered by the user in the inspection log
    • External Integration: Only the inspection ON/OFF is set, and the regular expression and log detailed settings are handled by the external inspection system.

**If this item (Data Security > Input Sensitive Information Check) is not visible,**You need to enable custom overlay. Please contact SOFTCAMP.


Policy Settings

You can set the usage and validity period of this conditional policy.

  • use: Policy is activated and works immediately
  • Not in use: The policy is disabled and not functioning
  • Expiration Date: When checked, the calendar is activated to select the start date and end date to set the duration. If not set, it operates indefinitely.

💡 Policy Application Priority

When multiple policies conflict, the policy with a higher priority (a smaller number) will be applied. You can adjust the priority by dragging and dropping in the policy list.

Priority Quick Move

After selecting a policy, you can quickly change the priority using the following method.

  • Move to top / Move to bottom: Move immediately to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location

⚠️ Priority changes are not possible when search filters are applied. Please proceed after clearing all filters.


Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Full Download: Save all registered policy information as an Excel file
  • Download Search Results: Save only the results with the current search filter applied as an Excel file

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting.


Management of Default Execution Policy

This is a feature that allows you to pre-set and manage the default values that are automatically filled in for execution policies and isolation security policies when registering new conditional policies. It reduces repetitive manual settings and prevents setting omissions and input errors.

The button bar on the right side of the top of the policy list**[Execution Policy Default Management]**Click the button.

※ The URL input field and the app's default values are managed independently. Changing the default value in one menu does not affect other menus.

Default Value Setting Range

itemWhether to apply default values
Policy Name / Description
Members / Target
Condition (Location·Time)
Execution Policy (Access Policy · Additional Authentication)
Isolation Security Policy (Keyboard·File·Clipboard·Session·Context Menu, etc.)
Settings (Usage Status · Validity Period)

Apply default values in bulk to the selected policy

After selecting the policy with checkboxes in the list, use the top button bar's**[Applying Default Execution Policy]**By clicking the button, you can overwrite the execution policy and isolation security policy items of the selected policy with the current default values.

⚠️ The default values will be saved immediately. Policy name, description, members, targets, conditions, and settings will not be changed.