Skip to main content

App Conditional Policy

The app conditional policy is a feature that allows for detailed management of access permissions and isolation security policies for the created app. It controls app access based on conditions such as members, location, and time, and can apply various security policies.

Table of Contents

Basic

Policy Settings

Management

Basic Screen Composition

The conditional policy screen is composed as follows:

  1. Conditional Policy Tab: A tab where you can apply conditional policies to the apps created on the home page.
  2. Priority: Display policy priorities (the smaller the number, the higher the priority)
  3. Add Policy: Top left**[Add Policy]**Create a new policy with a button
  4. Search: Policy name, members, target app, usage status, and various other conditions can be searched.
  5. Policy Application Status Inquiry: Top button bar of the policy list**[Policy Application Status Inquiry]**View application history by policy and policies not applied with the button

You can search for policies based on various criteria, including policy name, members, target apps, conditions, enforcement policies, and usage status.

Types of Search Filters

FilterSearch MethodDescription
Policy NameInclusive SearchSearch for policy names containing keywords
MembersInclusive Search + Dropdown SelectionUser (Name·Email), Group, Department Search, Assignment/Exception Classification Selection, Multiple Selection Available
TargetDropdown SelectionSearch by app name or app representative URL, multiple selections allowed
UsageDropdown SelectionUse / Not Use Selection
ConditionInclusive Search + Dropdown SelectionSearch by location (IP), time, and device conditions, multiple selections available
Execution PolicyDropdown SelectionAccess Allow/Deny, Isolation Security Policy (Allow All/Restricted Use), Select Additional Authentication Methods, Multiple Selections Possible

Member Search Details

  • When you enter a name or email in the search box, results will be displayed in real-time in a dropdown.
  • Allocation / ExceptionYou can search by distinguishing between cases where a tab is selected and assigned to a policy and cases that are handled as exceptions.
  • 모든 구성원is fixed at the bottom of the dropdown and is included in the search results only when selected directly.
  • Location: 위치 제한 없음or enter a registered location name to search. The results are위치명 | IP 범위It will be displayed in the format.
  • time: 시간 제한 없음or enter the registered time name to search. The results are시간명 | 시간 범위It will be displayed in the format.
  • Device: 모든 디바이스, Desktop, Tablet, MobileSelect middle.

Execution Policy Search Details

  • Access Policy: Select Allow Access / Block Access
  • Isolation Security Policy: Allow all / Select limited use
  • Additional Authentication Methods: Not used / Email verification / OTP verification selection (applies only to access permission policy)

Search Condition Combination Rules

  • **Between filters (AND condition)**If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • **Within Filter (OR Condition)**If you select multiple items within the same filter, any policy that matches at least one will be displayed.
  • Each set condition is displayed in the form of tags, and the tags'×You can remove individual conditions with the button.

⚠️ Priority changes are not possible when search filters are applied. To change the priority, please clear all search filters.

Policy Application Status Inquiry

Top of the policy list**[Policy Application Status Inquiry]**Clicking the button opens a modal where you can view the application history of conditional policies and the policies that were not applied by period.

Modal Title: Policy Application Status Inquiry

AreaContent
Query Period[시작일] ~ [종료일]Calendar Selection
tabApplied Policies / Unapplied Policy
DownloadTop right[↓]Download Excel of Query Results with Button

Applied Policies Tab

to the user during the set period**Policies Actually Applied (Heating)**Displays the list.

Table Column Configuration

columnDescription
PriorityCurrent priority number of the policy
Policy NamePolicy Name (click to move to the edit details screen)
DescriptionPolicy Description
Policy Usage StatusCurrently in use / Not in use
Application Count ↑↓Number of times the policy was applied during the inquiry period (thousands separator comma, sortable)
Recent application date ↑↓Most Recent Date Policy Applied Within the Query Period (Sortable)

💡 Application FrequencyWowRecent application dateColumns can be sorted in ascending/descending order. When sorting by application frequency in ascending order, you can quickly check policies with low usage frequency at the top.

How to Use

  1. **[Policy Application Status Inquiry]**Button Click → Open Modal
  2. Setting the query period (start date ~ end date)
  3. Applied PoliciesCheck Tab
  4. Sort by clicking the header of the application count or most recent application date column.
  5. Clicking on the policy name allows you to navigate to the detailed editing screen of that policy.
  6. Top right[↓]Download Excel results by clicking the button

Unapplied Policy Tab

during the set period**Policy that has never been applied (heating)**Displays the list.

Table Column Configuration

columnDescription
PriorityCurrent priority number of the policy
Policy NamePolicy Name (click to move to the edit details screen)
DescriptionPolicy Description
Policy Usage StatusCurrently in use / Not in use

How to Use

  1. **[Policy Application Status Inquiry]**Button Click → Open Modal
  2. Setting the query period (start date ~ end date)
  3. Unapplied PolicyTab Selection
  4. Check the list of policies that were not applied even once during the period
  5. Clicking on the policy name allows you to navigate to the detailed editing screen of that policy.
  6. Top right[↓]Download Excel results by clicking the button

💡 By periodically checking for unimplemented policies and organizing unnecessary ones, you can reduce the complexity of policy management and optimize the security environment.

Fetch Policy

  • You can import and register a backup JSON file (single policy) or a ZIP file (multiple policies) for the conditional policy.

[How to Use]

  1. Download: Check the item checkbox > Click the [Download Policy] button on the top button bar.
    • Download JSON file when 1 is selected
    • When selecting 2 or more: Download as a ZIP file.
  2. Import: Click the [Import Policy] button to select and register the backed-up JSON file or ZIP file.

Add Policy

**[Add Policy]**Clicking will take you to the new conditional policy page, where you can set the following items:

  • Policy Basic Information
  • Condition
  • Execution Policy
  • Settings

Policy Basic Information

Policy Name

  • Name(required): Up to 20 characters allowed
  • Description(Optional): Up to 200 characters can be entered.
  • The conditional policy name is a required field, and you must enter a unique name to identify the policy.

Members

Set users or groups to be included or excluded from this conditional policy.

Allocation

  • All Users: Apply policies to all users
  • Select User or Group: Search and select a specific user or group
    • Search by entering a username or group name in the search box.
    • The selected user or group can be confirmed in the box below.

Exclusion

  • Specify users or groups to exclude from the policy
  • Excluded members are not subject to the policy regardless of allocation.
  • The 'All Users' option cannot be used in the exclusions.
  • If you select members to exclude, you can check the list of excluded members in the box below.

Target App

  • Select the app or app group to which this conditional policy will be applied.
  • The policy applies only to the selected app or group.
  • You can select multiple apps, and you can also select by app group.

Setting Conditions

Set conditions such as location and time to be used for policy judgment. Based on the assigned conditions, determine the user's access environment and decide whether to apply the policy.

Location Conditions

You can choose from the following two items for the location (IP) condition:

  • All Locations(default): Apply policy at all locations without specific location conditions
    • Exception selection: To exclude only specific locations among all locations, specify the locations to be excluded through 'exception selection'.
  • Select Registered Location: Select from the locations registered in the Security365 Management Center's condition items.
    • Click 'Select a Location' to view the list of registered locations.
    • [+Register Location]: Click to add a new location condition
    • Exception Selection: Use 'Exception Selection' to exclude specific locations from the selected locations.

Time Conditions

You can choose from the following two items for the time condition:

  • All Time(default): Always apply policy without specific time limits
    • Exception selection: To exclude only specific time zones among all times, specify the time to be excluded through 'exception selection'.
  • Select Registered Time: Select from the registered time in the conditions section of the Security365 Management Center.
    • Click 'Select a time' to check the list of registered times.
    • [+Time Registration]: Click to add a new time condition
    • Exception Selection: Use 'Exception Selection' to exclude specific time zones from the selected time.

Condition Management Notes

  • Location and time conditions can be registered/deleted/edited in the [Condition Items] menu of the Security365 Management Center.
  • Use exception selection for detailed settings when complex conditions are required.

Execution Policy

Access Policy

This sets the access permissions when a member of the target to which this conditional policy applies wishes to connect.

Access Permission

  • Access Denied: Completely block app access under the given conditions
  • Access Permission: Allows app access and enables the setting of additional authentication methods.

Additional Authentication Methods(Only configurable when access is allowed)

  • Not in use: Accessing the target without additional authentication
  • Email Verification:
    • An authentication code input window appears, and the authentication process begins.
    • Time limit: 5 minutes
    • If you did not receive the authentication code in time, click 'Resend Authentication Code'
  • OTP Authentication:
    • QR Code and Recovery Key Instructions for Initial Registration
    • Enter the verification code after registration to proceed with verification.

When authentication fails

  • "Authentication has failed." Display alert popup
  • Unable to access the target

Isolation Security Policy

Set policies to control user behavior within the app. All behavior control items can choose whether to allow or block.

Behavior Control Item

Keyboard Input

  • Allow/Deny Settings
  • When blocked: A message "Keyboard input is prohibited by policy." is displayed at the bottom center.

Site Navigation

  • Allow/Deny Settings
  • Allowed: Free movement to all sites
  • Blocked: Can only navigate to the representative URL and associated URLs.
  • When accessing a blocked site: Redirect to the "This action is prohibited by policy." page.

File Upload

  • Allow/Deny Settings
  • Additional settings when allowed:
    • File Extension Restrictions: Select allowed file extensions (e.g., jpg, png, pdf, etc.)
    • Repository Selection:
      • My PC File Cabinet
      • SHIELDGate File Box

File Download

  • Allow/Deny Settings
  • When blocked: "This action is prohibited by policy. Downloading is prohibited by policy." Go to the information page, return to the previous screen with the close button.
  • Additional settings when allowed:
    • File Extension Restrictions: Select allowed file extensions
    • Repository Selection:
      • My PC File Cabinet
      • SHIELDGate File Box (SHIELDrive storage can be specified if selected)

Precautions When Using SHIELDrive Storage

  • The member must be assigned to SHIELDrive storage to be available.
  • Unable to download files if there is no storage allocation

Clipboard Access

  • Control of Copy/Paste Between Isolated Browser and User PC
  • Individual settings available by direction:
    • Whether to allow clipboard access to the user PC from the isolated browser
    • Allowing Clipboard Access in Isolated Browser on PC
  • When blocked: A message saying "Clipboard usage is prohibited by policy." will be displayed at the center bottom.

Session Persistence

  • Enabling session persistence protects the data on the screen through a lock screen when there is no screen activity during idle time.
  • Idle time setting available when activated (in minutes)
  • When idle time elapses, the screen will be locked immediately, and you can return to the work page through the 'Refresh' button.

Screen Marking

  • Enable/Disable Settings Available
  • When activated: Display a watermark containing username, email information, etc. on the screen.
  • Data Leakage Prevention and Enhanced Accountability Tracking
  • The screen mark display method can be customized in the 'Business System > Security Screen Settings > Screen Marking/Watermark Settings' menu.

Print Watermark

  • Enable/Disable Settings
  • When activated: Display a watermark containing username, email information, etc. on the screen.
  • Data Leakage Prevention and Enhanced Accountability Tracking
  • The watermark display method can be customized in the 'Business System > Security Screen Settings > Screen Marking/Watermark Settings' menu.

Video Conferencing Mode

  • Activated in business systems that require video conferencing
  • Limitations when activated:
    • Unable to use SHIELDGate shortcut feature (Shortcut icon not provided in the top right corner)
    • Settings for Optimizing Video Conference Performance

Context Menu

  • Enable/Disable Settings
  • When activated: Individually control the context menu items displayed when right-clicking in the RBI browser by target.
  • 컨텍스트 메뉴 설정 >Clicking the link will open the detailed settings slide.
  • Current configuration status summary text (e.g:32개 표시 | 2개 숨김) is indicated.

Context Menu Detailed Settings

Individually control the menu items to be displayed for each clickable target area by turning them ON/OFF.

AreaDescription
Page Background AreaMenu displayed when right-clicking on empty space (Back, Forward, Refresh, Print, View Page Source, Inspect, etc.)
Text Selection AreaContext menu displayed after right-clicking on text after dragging (copy, print, etc.)
linkMenu displayed when right-clicking on a link (Open in new tab, Copy link address, etc.)
imageMenu displayed when right-clicking on an image (Save image, Copy image, etc.)
videoMenu displayed when right-clicking on the video (Play/Pause, Save video, etc.)
AudioMenu displayed when right-clicking on the audio (Play/Pause, Save Audio, etc.)
Input FieldContext menu displayed on right-clicking the text input field (Cut, Copy, Paste, etc.)
  • Each item within the area is controlled by an individual ON/OFF toggle,전체 ON / 전체 OFFYou can toggle all items in the area at once with a button.
  • bottom초기화Clicking the button will reset all items to their default values.
  • If all items in a specific area are OFF, the context menu will not be displayed when you right-click in that area.

⚠️ Shortcut Key IntegrationIf you set the menu item to OFF, the associated keyboard shortcuts will also be blocked. (e.g., Print item OFF →Ctrl + PBlock)

⚠️ Top Button Constraints in Browser: Even if you set the back/forward/refresh menu items to OFF, clicking the navigation buttons at the top of the browser is not blocked. Shortcut keys (Alt+←, F5Only (etc.) will be blocked.

Video/AudioYou can control the basic playback-related menu for video and audio, which is applied based on the standard context menu items of the browser.

Shortcut Keys: The browser's default shortcuts associated with context menu items are controlled together, while custom shortcuts are excluded.

Policy Configuration

You can set the usage and validity period of this conditional policy.

Usage Status

  • use: Policy is activated and takes effect immediately
  • Not in use: The policy is disabled and does not operate.

Expiration Date

  • When not set: Operate indefinitely
  • Expiration Date Usage:
    • Checking the 'Expiration Date' item activates the calendar.
    • Set the period by selecting the start date and end date.
    • Policy operates only during the set period.

Policy Application Priority

  • When multiple policies conflict, the policy with a higher priority (a smaller number) will be applied.
  • You can adjust the priority by dragging and dropping in the policy list.
  • If multiple policies are set for the same conditions, the most restrictive policy takes precedence.
  • Policy priorities should be set carefully as they are important for the effective management of policies.

Priority Quick Navigation

After selecting a policy, you can quickly change the priority using the following method.

  • Move to top / Move to bottom: Move immediately to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location.

⚠️ Priority changes are not possible when search filters are applied. Please clear all filters before proceeding.

Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Download All: Save all registered policy information as an Excel file
  • Download Search Results: Save only the results with the current search filter applied as an Excel file.

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.