Skip to main content

Conditional Policy

Control of Business SystemsConditional PolicyThe tab manages policies that limit the number of screens that can be opened simultaneously in the work system (app, URL input field) accessible by each member and in the isolated browser.

⚠️ Important Notice: This policy applies to all access to business systems.Highest Priority Control PolicyIt is. The menus that are not allowed here cannot be accessed by users regardless of how the sub conditional policies (app conditional policies, URL input field conditional policies) are set.

Feature Overview

Conditional policies restrict the menus that users can access in SHIELDGate and efficiently manage isolated browser resources.Top-Level Permission ControlIt is a feature.

Controllable Items

  • app: Access Permissions for Registered App List
  • URL input field: Direct URL Input Feature Access Permission
  • Maximum number of screens: Limit on the number of screens that can be opened simultaneously in an isolated browser

Policy Application Structure

조건부정책 (최상위)
├── 앱 허용 → 앱 조건부정책 적용 가능
├── URL입력창 허용 → URL입력창 조건부정책 적용 가능
└── 최대 화면 수 설정 → 구성원별 화면 수 제한

Example:

  • Conditional policy "URL input field" not allowed → URL input field conditional policy invalid
  • Conditional policy "App" not allowed → App conditional policy invalid
  • Set the maximum number of screens to 10 in conditional policies → the corresponding member can use up to 10 screens only.

Policy Priorities

If the same member is included in multiple policies,**Policies with higher priority (smaller numbers) are applied first.**It works.

Example:

  • Priority 1: Member Hong Gil-dong / Work SystemAllowable / Maximum number of screens 5
  • Priority 2: Member Organization / Work SystemandURL입력창Allowed / Maximum number of screens unlimited
  • result: Hong Gil-dong has a priority 1 policy applied, making the URL input field unusable, and a maximum of 5 screens can be used.

Screen Configuration

Admin Page →Business System ControlConditional PolicyMove to tab

Key Components

1. Policy List

  • Priority: Policy Application Order (1 is the highest priority)
  • Policy Name: Unique name identifying the policy
  • Members: Users/Groups to Whom the Policy Applies
  • Target Business System: Allowed Menu (App, URL Input Field)
  • Maximum number of screens: Number of screens that can be used simultaneously
  • Last Updated: Last modified date

2. Top Features

  • [+ Register Policy]: Create a new control policy
  • Search: Searchable by various criteria such as policy name, members, target, usage, etc.
  • Edit/Delete: Modify or delete the selected policy

You can search for policies based on various criteria, including policy name, members, target business systems, and usage status.

Types of Search Filters

FilterSearch MethodDescription
Policy NameIncluded SearchSearch for policy names containing keywords
MembersInclusive Search + Dropdown SelectionUser (Name·Email), Group, Department Search, Assignment/Exception Classification Selection, Multiple Selection Available
TargetDropdown SelectionApp, URL input field selection, multiple selection possible
UsageDropdown SelectionUse / Not Use Selection
conditionInclusive Search + Dropdown SelectionSearch by location (IP), time, and device conditions, multiple selections available
Execution PolicyDropdown SelectionAllow/Block Access, Select Additional Authentication Methods (Email·OTP), Multiple Selections Available

Member Search Details

  • When you enter a name or email in the search box, results are displayed in real-time in a dropdown.
  • Allocation / ExceptionYou can select a tab to search for cases where the member is assigned to the policy and where exceptions are handled.
  • 모든 구성원is fixed at the bottom of the dropdown and is included in the search results only when selected directly.
  • Location: 위치 제한 없음or enter a registered location name to search. The results are위치명 | IP 범위It will be displayed in the format.
  • time: 시간 제한 없음You can search by entering a registered time name. The results are시간명 | 시간 범위It will be displayed in the format.
  • Device: 모든 디바이스, Desktop, Tablet, MobileSelect 중.

Search Condition Combination Rules

  • **Between filters (AND condition)**If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • **Within Filter (OR Condition)**If you select multiple items within the same filter, any matching policies will be displayed.
  • Each set condition is displayed in the form of tags, and the tags'×You can remove individual conditions with the button.

⚠️ When search filters are applied, priority changes (drag and drop) are not possible. To change the priority, please clear all search filters.

3. Policy Trends
If no policy is registered, the following message will be displayed:

  • "There are no registered work system control policies."
  • Policy Registration Guide Text:
    • You can control members' access to the business system (app and URL input field).
    • Even if you set conditional policies in the [App and URL Input Field] of the full menu, assigned members cannot access the business system.

Add Policy

1. Start Adding Policy

  • **[+ Register Policy]**Button Click
  • The policy addition slide panel opens from the right.

2. Basic Policy Information

These are the default settings displayed at the top of the slide panel.

Policy Name

  • Enter a unique name to identify the policy
  • Duplicate names cannot be used.
  • Example: "Development Team", "Basic Policy", "Executive Exclusive" etc.

Members

Select the target to which the policy will be applied.

Select Allocation Method:

  • All Users: Apply policy to all users
  • Select User or Group: Specify a specific user or group

When selecting users/groups:

  1. Selecting a Target in the Allocation Tab
  2. Select exception target in the Exclusions tab (optional)
  3. Search for username or group name through the search bar
  4. The selected members can be confirmed in the box below.

Target Business System

Select the allowed menu with checkboxes:

  • app: Allow access to the list of registered apps
  • URL input field: Allow direct URL input feature access
  • You can select both or only one.

3. Conditions

You can set conditions for location, time, and device to restrict the policy to be applied only in specific environments.

Location (IP)

No location restrictionsWhen selected:

  • Apply policies in all locations

Location restrictions applyWhen selected:

  • Select from the locations registered in the Security365 condition items.
  • Apply the policy only at the selected location
  • If a new location condition is required**[+Register Location]**Click

time

No time limitWhen selected:

  • Apply policy at all times, 24 hours a day

Time limit appliesWhen selected:

  • Select from the registered time in the Security365 condition items.
  • Apply the policy only to the selected time zone
  • If a new time condition is needed**[+Register Time]**Click

Device

No device restrictionsWhen selected:

  • Applying Policies on All Devices

Device restrictions applyWhen selected:

  • Select from the devices registered in the Security365 condition items.
  • Apply the policy only on the selected device
  • If new device conditions are required**[+Device Registration]**Click

4. Control Policy

Number of Concurrent Screens

Set the maximum number of screens that can be opened simultaneously in the isolation browser.

Settings Options:

  • No limit on the number of screens(default): Unlimited use without screen number limit
  • Specify Maximum Number of Screens: Enter the maximum number of screens directly
    • Input format: Integer greater than or equal to 1 (at least 1)
    • For example: When entering 10 → The member can use a maximum of 10 screens only.

Effects of Screen Count Limit:

  • Preventing Excessive Use of System Resources
  • Fair Resource Allocation
  • Ensuring overall system performance stability
  • Flexible resource management with differentiated restrictions by member

5. Configuration

Policy Settings

Set whether the policy is activated.

  • use: Activate the policy immediately and apply it to members
  • Not in use: Save the policy but keep it inactive.

6. Save Policy

  • After completing all settings**[Save]**Button Click
  • The policy is applied immediately and reflected to the respective members.

Policy Modification

How to fix

  1. Policy Selection: Select a single policy to edit from the list.
  2. Edit Button: Activated at the top**[Edit]**Button Click
  3. Content modification: Change required items on the policy modification slide
  4. Save: **[Save]**Apply changes with the button

Editable Items

  • Policy Name (No Duplicates Allowed)
  • Member Assignment/Exclusion
  • Allowed Work System (App/URL Input Field)
  • Setting Conditions (Location/Time/Device)
  • Maximum Screen Count Setting
  • Policy Settings

Change Priority

After selecting a policy, you can change the priority using the following method.

  • Drag and Drop: Drag and drop the policy directly from the list to your desired location.
  • Move to top / Move to bottom: Move immediately to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location.

⚠️ Priority changes are not possible when search filters are applied. Please clear all filters before proceeding.

Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Download All: Save all registered policy information as an Excel file
  • Download Search Results: Save only the results with the current search filter applied as an Excel file

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.

Delete Policy

Deletion Method

  1. Policy Selection: Select one or more policies to delete from the list.
  2. Delete Button: Activated at the top**[Delete]**Button Click
  3. Delete Confirmation: In the confirmation modal window**[Check]**Button Click

Cautions

  • Deleted policies cannot be restored.
  • Members of the policy are subject to the basic policy or other policies.

User Experience

When the screen limit is reached

If the user attempts to open a new screen when the maximum number of screens set has been reached, an information modal will be displayed.

Modal Window Example (Limit of 10)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
화면 열기 제한 안내
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

현재 사용자는 동시에 최대 10개의 격리 브라우저 화면만 열 수 있습니다. (관리자 정책에 따른 개인별 제한)

새 화면을 열려면 기존에 열려 있는 화면을 닫은 후 다시 시도해 주세요.

[확인]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Action Description:

  • If the user retries after closing the existing screen, normal access will be restored.
  • The "N" in the modal window is dynamically displayed based on the set maximum number of screens.
  • When [Confirm] is clicked, the modal window closes and the user can manage the existing screen.

Problem Solving

Common Issues

When a conditional policy is set but the user cannot access it:

⚠️ Most Common Causes: This menu is not allowed in conditional policies.

  1. Verification Order:
    • Priority 1: Check whether the menu (app/URL input field) is allowed in the conditional policy.
    • 2nd priority: Check if the user is included in the conditional policy.
    • 3rd Priority: Check the settings for subordinate conditional policies (app conditional policies, URL input field conditional policies)
  2. Solution: Allow the necessary menu in the conditional policy first, then set the sub-policy.

When the user can no longer open the screen:

  • Check the maximum number of screens set in the conditional policy
  • Check the priority of the policies applied to the user
  • Modify the policy to increase the maximum number of screens or change it to unlimited if necessary.

When the policy is not applied:

  • Check Priority (whether there is a higher priority policy)
  • Check member settings (whether included in the exclusion list)
  • Check Condition Settings (Time/Location Condition Fulfillment)

When the menu is not visible:

  • Check the policies applied to the user
  • Check if the necessary menus are checked in the business system selection options.

Condition setting error:

  • Check if the location/time/device conditions are correctly registered in the Security365 condition items.
  • Check if the required condition is set to "Limit Exists"

Policy Configuration Order

Step 1: Set Conditional Policies

  • Basic Menu Access Permission Settings (App/URL Input Field)
  • Maximum Number of Screens per Member Setting

Step 2: Set App Conditional Policies

  • Detailed Permission Settings for Individual Apps

Step 3: Setting Conditional Policies for the URL Input Field

  • Detailed Permission Settings by URL

⚠️ CautionMenus not allowed in step 1 make the settings in steps 2-3 meaningless.

Priority Management

  • Set exceptional policies to high priority
  • Set general policies to low priority
  • Regular Review of Priority System
  • Development Team/Designer: 30~50 items (multiple references needed)
  • General Office Position: 10~20 items (work documents and system access)
  • Executives/Management: Unlimited or high limits (flexible work environment needed)
  • External Partners/Contract Workers: 5~10 items (limited access recommended)

Monitoring Methods

  • Session ManagementCheck the real-time screen usage status in the tab
  • Excessive Screen User Identification and Policy Adjustment
  • Regular Policy Effectiveness Review