App Conditional Policy

The app conditional policy is a feature that allows for detailed management of access rights and isolation security policies for the created app. It can control app access based on conditions such as members, location, and time, and apply various security policies.

Table of Contents

Basic

• Basic Screen Layout
• Policy Search
• Policy Application Status Inquiry
• Fetch Policy

Policy Settings

• Add Policy
• Policy Basic Information- Policy Name, Members, Target App
• Setting Conditions- Location, Time
• Execution Policy- Access Policy, Additional Authentication
• Isolation Security Policy- Keyboard, File, Clipboard, Session, Context Menu, etc.
• Policy Configuration

Management

• Policy Application Priority
• Download Policy Status
• Management of Default Execution Policy

---

Basic Screen Layout

The conditional policy screen is structured as follows:

1. Conditional Policy Tab: A tab where you can apply conditional policies to apps created on the home page.
2. Priority: Display policy priorities (the smaller the number, the higher the priority)
3. Add Policy: Top left**[Add Policy]**Create a new policy with a button
4. Search: Policy name, members, target app, usage status, and various other conditions can be searched.
5. Policy Application Status Inquiry: Top button bar of the policy list**[Policy Application Status Inquiry]**View application history by policy and policies not applied with the button

---

Policy Search

You can search for policies based on various criteria, including policy name, members, target apps, conditions, enforcement policies, and usage status.

Types of Search Filters

Filter	Search Method	Description
Policy Name	Included Search	Search for policy names containing keywords
Members	Inclusive Search + Dropdown Selection	User (Name·Email), Group, Department Search, Assignment/Exception Type Selection, Multiple Selection Available
Target	Dropdown Selection	Search by app name or app representative URL, multiple selections allowed
Usage	Dropdown Selection	Use / Not Use Selection
condition	Inclusive Search + Dropdown Selection	Search by location (IP), time, and device conditions, multiple selections available
Execution Policy	Dropdown Selection	Access Allow/Deny, Isolation Security Policy (All Allowed/Restricted Use), Select Additional Authentication Methods, Multiple Selections Possible

Member Search Details

• When you enter a name or email in the search box, results will be displayed in real-time in a dropdown.
• Allocation / ExceptionYou can search by distinguishing between cases where a tab is selected and cases that have been handled as exceptions.
• 모든 구성원is fixed at the bottom of the dropdown and is included in the search results only when selected directly.

Detailed Condition Search

• Location: 위치 제한 없음or enter a registered location name to search. The results are위치명 | IP 범위It will be displayed in the format.
• time: 시간 제한 없음You can search by entering a registered time name. The results are시간명 | 시간 범위It will be displayed in the format.
• Device: 모든 디바이스, Desktop, Tablet, MobileSelect an option.

Execution Policy Search Details

• Access Policy: Select Allow Access / Block Access
• Isolation Security Policy: Allow all / Select limited use
• Additional authentication methods: Not used / Email verification / OTP verification selection (applies only to access control policies)

Search Condition Combination Rules

• **Between filters (AND condition)**If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
• **Within Filter (OR Condition)**When selecting multiple items within the same filter, any matching policies will be displayed.
• Each condition you set is displayed in the form of tags, and the tags'×You can remove individual conditions with the button.

⚠️ You cannot change the priority when a search filter is applied. To change the priority, please clear all search filters.

---

Policy Application Status Inquiry

At the top of the policy list**[Policy Application Status Inquiry]**Clicking the button opens a modal where you can view the application history of conditional policies and the policies that were not applied by period.

Modal Configuration

Modal Title: Policy Application Status Inquiry

area	Content
Query Period	[시작일] ~ [종료일]Calendar Selection
tab	Applied Policies / Unapplied Policies
Download	top right[↓]Download Excel of Query Results with Button

---

Applied Policies Tab

to the user during the set period**Policies Actually Applied (Heating)**Displays the list.

Table Column Configuration

column	Description
Priority	Current priority number of the policy
Policy Name	Policy Name (click to move to the edit details screen)
Description	Policy Description
Policy Usage Status	Currently in use / Not in use status
Application Frequency ↑↓	Number of times the policy was applied during the inquiry period (thousand unit comma display, sortable)
Recent application date ↑↓	The most recent date when the policy was applied within the inquiry period (sortable)

💡 Application CountWowRecent application dateColumns can be sorted in ascending/descending order. When sorting by the number of applications in ascending order, you can quickly check policies with low usage frequency at the top.

How to Use

1. **[Policy Application Status Inquiry]**Button Click → Open Modal
2. Setting the Query Period (Start Date ~ End Date)
3. Applied PoliciesCheck Tab
4. Sort by clicking the header of the application frequency or most recent application date column.
5. Clicking on the policy name allows you to navigate to the detailed editing screen of that policy.
6. top right[↓]Download Excel Results by Clicking the Button

---

Unapplied Policy Tab

during the set period**Policy that has never been applied (heating)**Displays the list.

Table Column Configuration

column	Description
Priority	Current priority number of the policy
Policy Name	Policy Name (click to move to the edit details screen)
Description	Policy Description
Policy Usage Status	Currently in use / Not in use status

How to Use

1. **[Policy Application Status Inquiry]**Button Click → Open Modal
2. Setting the Query Period (Start Date ~ End Date)
3. Unapplied PoliciesTab Selection
4. Check the list of policies that were not applied even once during the specified period.
5. Clicking on the policy name allows you to navigate to the detailed editing screen of that policy.
6. top right[↓]Download Excel Results by Clicking the Button

💡 By periodically checking for unapplied policies and organizing unnecessary ones, you can reduce the complexity of policy management and optimize the security environment.

---

Fetch Policy

• You can import and register a backup JSON file (single policy) or a ZIP file (multiple policies) for conditional policies.

[How to Use]

1. Download: Check the item checkbox > Click the [Download Policy] button on the top button bar.
   • Download JSON file when 1 is selected
   • When selecting 2 or more: Download as a ZIP file.
2. Import: Click the [Import Policy] button to select and register the backed-up JSON file or ZIP file.

---

Add Policy

**[Add Policy]**Clicking will take you to the new conditional policy page, where you can set the following items:

• Policy Basic Information
• condition
• Execution Policy
• Settings

---

Policy Basic Information

Policy Name

• name(required): Up to 20 characters can be entered
• Description(Optional): Up to 200 characters can be entered.
• The conditional policy name is a required value, and you must enter a unique name to identify the policy.

Members

Set users or groups to include or exclude in this conditional policy.

Allocation

• All users: Apply policies to all users
• Select User or Group: Search and select a specific user or group
  • Search by entering a username or group name in the search box.
  • The selected user or group can be confirmed in the box below.

Exclusion

• Specify users or groups to exclude from the policy
• Excluded members are not subject to the policy regardless of allocation status.
• The 'All Users' option cannot be used in the exclusions.
• If you select members to exclude, you can check the list of excluded members in the box below.

Target App

• Select the app or app group to apply this conditional policy.
• The policy applies only to the selected app or group.
• You can select multiple apps, and you can also select them by app group.

---

Setting Conditions

Set conditions such as location and time to be used for policy judgment. Based on the assigned conditions, determine the user's access environment and decide whether to apply the policy.

Location Conditions

You can choose from the following two items for the location (IP) condition:

• All Locations(default): Apply policy at all locations without specific location conditions
  • Exception selection: To exclude only specific locations among all locations, specify the locations to be excluded through 'exception selection'.
• Select Registered Location: Select from the locations registered in the Security365 Management Center's condition items.
  • Click 'Select a location' to view the list of registered locations.
  • [+Register Location]: Click to add a new location condition
  • Exception Selection: Use 'Exception Selection' to exclude specific locations from the selected locations.

Time Conditions

You can choose from the following two time conditions:

• all time(default): Always apply the policy without any specific time limit
  • Exception Selection: To exclude only specific time zones among all times, specify the time to be excluded through 'Exception Selection'.
• Registered Time Selection: Select from the registered time in the conditions section of the Security365 Management Center.
  • Click 'Select a Time' to check the list of registered times.
  • [+Time Registration]: Click to add a new time condition
  • Exception Selection: Use 'Exception Selection' to exclude specific time zones from the selected time.

Condition Management Notes

• The location and time conditions can be registered/deleted/edited in the [Condition Items] menu of the Security365 Management Center.
• Use exception selection to finely configure when complex conditions are required.

---

Execution Policy

Access Policy

Sets the access permissions when a member of the target to which this conditional policy applies wants to connect.

Access Permission

• Access Denied: Completely block app access under the given conditions
• Access Permission: Allows app access and enables the setting of additional authentication methods.

Additional authentication methods(Only configurable when access is allowed)

• Not in use: Accessing the target without additional authentication
• Email Verification:
  • An authentication code input window appears, and the authentication process begins.
  • Time limit: 5 minutes
  • If you did not receive the authentication code within the time limit, click 'Resend Authentication Code'
• OTP Authentication:
  • Instructions for QR Code and Recovery Key During Initial Registration
  • Enter the authentication code after registration to proceed with authentication.

When authentication fails

• "Authentication has failed." Display alert popup
• Unable to access the target

---

Isolation Security Policy

Set policies to control user behavior within the app. Each behavior control item can be selected for allow/block.

Behavior Control Item

Keyboard Input

• Allow/Deny Settings
• When blocked: A message "Input via keyboard is prohibited by policy." is displayed at the bottom center.

Site Navigation

• Allow/Deny Settings
• Allowed: Free movement to all sites
• Blocked: Navigation is only possible to the representative URL and associated URLs.
• When accessing a blocked site: Redirect to the "This action is prohibited by policy." information page.

File Upload

• Allow/Deny Settings
• Additional settings when allowed:
  • File Extension Restrictions: Select allowed file extensions (e.g., jpg, png, pdf, etc.)
  • Repository Selection:
    • My PC File Cabinet
    • SHIELDGate File Box

File Download

• Allow/Deny Settings
• When blocked: "This action is prohibited by policy. Downloading is prohibited by policy." Go to the guidance page, return to the previous screen with the close button.
• Additional settings when allowed:
  • File Extension Restrictions: Select allowed file extensions
  • Repository Selection:
    • My PC File Cabinet
    • SHIELDGate File Box (SHIELDrive storage can be specified if selected)

Precautions When Using SHIELDrive Storage

• The member must be assigned to SHIELDrive storage to be available.
• Unable to download files if there is no storage allocation

Clipboard Access

• Control of Copy/Paste Between Isolated Browser and User PC
• Individual settings available by direction:
  • Whether to allow clipboard access from the isolated browser to the user's PC
  • Allowing Clipboard Access in Isolated Browser on PC
• When blocked: A message stating "Clipboard usage is prohibited by policy." is displayed at the bottom center.

Session Persistence

• Activating session persistence protects the data on the screen through a lock screen when there is no screen activity during idle time.
• Idle time setting available when activated (in minutes)
• When idle time elapses, the screen is immediately locked, and you can return to the work page through the 'Refresh' button.

Screen Marking

• Enable/Disable Settings Available
• When activated: Display a watermark on the screen containing username, email information, etc.
• Data Leakage Prevention and Enhanced Accountability Traceability
• The screen mark display method can be customized in the menu 'Business System > Security Screen Settings > Screen Marking/Watermark Settings'.

Print Watermark

• Enable/Disable settings available
• When activated: Display a watermark on the screen containing username, email information, etc.
• Data Leak Prevention and Enhanced Accountability Tracking
• The watermark display method can be customized in the menu 'Business System > Security Screen Settings > Screen Marking/Watermark Settings'.

Video Conference Mode

• Activate in business systems that require video conferencing
• Limitations when activated:
  • Unable to use SHIELDGate shortcut feature (Shortcut icon not provided in the upper right corner)
  • Settings for Optimizing Video Conference Performance

Context Menu

• Enable/Disable settings available
• When activated: Individually control the context menu items displayed when right-clicking in the RBI browser by target.
• 컨텍스트 메뉴 설정 >Clicking the link will open the detailed settings slide.
• Current configuration status summary text (e.g:32개 표시 | 2개 숨김) is indicated.

Context Menu Detailed Settings

Individually control the menu items to be displayed for each clickable target area by turning them ON/OFF.

area	Description
Page Background Area	Context menu displayed on right-clicking empty space (Back, Forward, Refresh, Print, View Page Source, Inspect, etc.)
Text Selection Area	Context menu displayed after right-clicking on text after dragging (copy, print, etc.)
link	Menu displayed when right-clicking on a link (Open in new tab, Copy link address, etc.)
image	Menu displayed when right-clicking on an image (Save image, Copy image, etc.)
video	Menu displayed when right-clicking on the video (Play/Pause, Save video, etc.)
Audio	Menu displayed when right-clicking on the audio (Play/Pause, Save Audio, etc.)
Input Field	Context menu displayed on right-clicking the text input field (cut, copy, paste, etc.)

• Each item within the area is controlled by an individual ON/OFF toggle,전체 ON / 전체 OFFYou can toggle all items in the area at once with a button.
• bottom초기화Clicking the button will reset all items to their default values.
• If all items in a specific area are OFF, the context menu will not be displayed when right-clicking in that area.

⚠️ Shortcut Key IntegrationIf you set the menu item to OFF, the associated keyboard shortcuts will also be blocked. (e.g., Print item OFF →Ctrl + PBlock)

⚠️ Top Button Constraints: Setting the back/forward/refresh menu items to OFF does not block clicks on the navigation buttons at the top of the browser. Shortcuts (Alt+←, F5Only (etc.) will be blocked.

Video/AudioYou can control the basic playback-related menu for video and audio, which is applied based on the standard context menu items of the browser.

Shortcut KeysThe browser's default shortcuts associated with context menu items are controlled together, while custom shortcuts are excluded.

---

Policy Configuration

You can set the usage and validity period of this conditional policy.

Usage Status

• use: Policy is activated and works immediately
• Not in use: The policy is disabled and not functioning.

Expiration Date

• When not set: Operate indefinitely
• Expiration Date Usage:
  • Checking the 'Expiration Date' item activates the calendar.
  • Set the period by selecting the start date and end date.
  • Policy operates only during the set period.

---

Policy Application Priority

• When multiple policies conflict, the policy with a higher priority (a smaller number) is applied.
• You can adjust the priority by dragging and dropping in the policy list.
• If multiple policies are set under the same conditions, the most restrictive policy takes precedence.
• Policy priorities should be set carefully as they are important for the effective management of policies.

Priority Quick Move

After selecting a policy, you can quickly change the priority using the following method.

• Move to top / Move to bottom: Move immediately to the top or bottom
• Priority Move Dropdown: Select the desired number to move directly to a specific location

⚠️ Priority changes are not possible when search filters are applied. Please clear all filters before proceeding.

---

Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

• Download All: Save all registered policy information as an Excel file
• Download Search Results: Save only the results with the current search filter applied to an Excel file.

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.

---

Management of Default Execution Policy

This is a feature that allows you to pre-set and manage the default values automatically filled in the execution policy and isolation security policy items when registering a new conditional policy. It reduces repetitive manual settings and prevents omissions and incorrect inputs.

Accessing the Default Value Management Screen

Right side of the top button bar in the policy list**[Management of Default Values for Execution Policies]**Click the button.

[+ 정책 등록]  ...  [집행정책 기본값 관리]

※ The default values for the app and the URL input field are managed independently. Changing the default value in one menu does not affect other menus.

Default Value Setting Range

The items that can be set in the default value management screen are as follows.

item	Whether to apply default values	Remarks
Policy Name / Description	❌	Unique input for each policy
Members / Target App	❌	Unique designation for each policy
Conditions (Location·Time)	❌	Directly set for each policy
Execution Policy(Access Policy · Additional Authentication)	✅
Isolation Security Policy(keyboard, file, clipboard, session, context menu, etc.)	✅
Settings (Usage Status · Validity Period)	❌

Save Default Value

After setting the execution policy and isolation security policy items in the default value management screen,**[Save]**Click the button.

Action	result
**[Save]**Click	The current settings are saved as the default values for the app conditional policy. They will be automatically applied when a new policy is registered.
**[Cancel]**Click	Return to the list screen without saving changes
Default value not set (initial)	Display in system initial value (fully allowed, not set) state

Automatically apply when registering a new policy

**[Add Policy]**When clicked, the execution policy and isolation security policy items are automatically filled with the default values. Enter the policy name, members, target app, and conditions, and register by modifying only the necessary items.

status	Action
When a default value is set	Execution Policy · Isolation Security Policy Initialized to Default
If no default value is set	Initialize to system default values (same as existing operation)
If manually modified after automatic application	The modified value takes precedence and does not affect the default value.

※ Automatic application only applies to the initial value setting when registering new items. It does not affect existing saved policies.

Apply Default Values in Bulk to Selected Policies

After selecting the policy with checkboxes in the list, use the top button bar.**[Applying Default Execution Policy]**By clicking the button, you can overwrite the execution policy and isolation security policy items of the selected policy with the current default values.

How to Use

1. Select the checkbox for the policy to apply the default value from the list.
2. in the top button bar**[Applying Default Execution Policy]**Click the button.
3. Check the default values to be applied in the confirmation dialog (execution policy · isolation security policy summary).
4. **[Apply Default]**Clicking the button will immediately apply the default values to the selected policy.

⚠️ The default values are saved immediately. Policy name, description, members, target apps, conditions, and settings will not be changed. ⚠️ If no default is set, the system's initial values will be applied.