Skip to main content

Remote Console Conditional Policy

Basic Screen Configuration

The conditional policy screen is composed as follows.

  • Conditional Policy Tab: A tab where conditional policies can be applied to the registered server
  • Priority: Display policy priorities (the smaller the number, the higher the priority)
  • Add Policy: Top left of the**[Add Policy]**Create a new policy with the button
  • Search: Policy name, members, target server, usage status, and various other conditions can be searched.

You can search for policies based on various criteria, including not only the policy name but also members, target servers, conditions, enforcement policies, and usage status.

FilterSearch MethodExplanation
Policy NameIncluded SearchSearch for policy names that include keywords
MembersInclusive Search + Dropdown SelectionUser (Name·Email), Group, Department Search, Assignment/Exception Classification Selection, Multiple Selection Available
TargetDropdown SelectionSearch by registered server name or IP information, multiple selections allowed
UsageDropdown SelectionUse / Not Use Selection
conditionInclusive Search + Dropdown SelectionSearch by location (IP), time, device conditions, multiple selections available
Execution PolicyDropdown SelectionAccess Allow/Deny, Isolation Security Policy (All Allowed/Restricted Use), Additional Authentication Method Selection, Multiple Selections Possible

Member Search Details

When you enter a name or email in the search box, results will be displayed in real-time dropdown. You can select the Assignments / Exceptions tab to distinguish between cases that are assigned to a policy and those that are handled as exceptions. All members are fixed at the bottom of the dropdown and will only be included in the search results if selected directly.

Detailed Condition Search

  • Location: Search by entering an unrestricted location or a registered location name. The results are displayed in the format of location name | IP range.
  • Time: Search by entering an unlimited time or a registered time name. The results are displayed in the format time name | time range.
  • Device: Select from all devices, Desktop, Tablet, Mobile.

Execution Policy Search Details

  • Access Policy: Allow Access / Deny Access Selection
  • Isolation Security Policy: Allow All / Select Limited Use
  • Additional authentication methods: None / Email verification / OTP verification / Passkey (WebAuthn) verification selection (applies only to access permission policies)

Search Condition Combination Rules

  • Between filters (AND condition): If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • Within Filter (OR condition): If multiple items are selected within the same filter, any policy that matches at least one will be displayed.

Each set condition is displayed in tag form, and individual conditions can be removed using the × button on the tag.

⚠️ Priority changes are not possible when search filters are applied. To change the priority, please clear all search filters.

Get Policy

You can import and register a JSON file (single policy) or a ZIP file (multiple policies) that contains the conditional policy backup.

  • Download: Item checkbox check > Click the [Download Policy] button on the top button bar
    • When selecting 1 item: Download JSON file
    • When selecting 2 or more: Download as a ZIP file
  • import: Click the [Import Policy] button to select and register the backed-up JSON file or ZIP file.

Add Policy

Clicking on **[Add Policy]** will take you to the new conditional policy page, where you can set the policy basic information / conditions / enforcement policies / settings items.

Policy Basic Information

Policy Name

  • Name (required): Up to 20 characters can be entered
  • Description (optional): Up to 200 characters can be entered.

Members

Set users or groups to be included or excluded from this conditional policy.

  • allocation: Select all users or a specific user/group
  • Exclusion: Specify users or groups to be excluded from the policy. Excluded members will not be subject to the policy regardless of assignment. The 'All Users' option cannot be used in the exclusions.

Target Server

Select which server to apply this conditional policy to. You can choose from SSH / VNC / Telnet / RDP / Web type servers. When selecting a server, the name, IP (or URL), Port, and type information will be displayed.

Selection Limitations by Server Type

VNC, Telnet, RDP servers cannot be selected in conjunction with the SSH server.

  • When selecting VNC, Telnet, or RDP type servers: The SSH type server selection is disabled.
  • When selecting SSH type server: VNC, Telnet, and RDP type server selection will be disabled.

This is because VNC, Telnet, and RDP servers do not support file upload/download functionality.

If the VNC, Telnet, and RDP servers are included, the file upload and file download options are not displayed in the isolation security policy.

When selecting a web type server

The isolation security policy of the conditional policy that includes a web type server is provided in the same way as the entire isolation security policy item of the conditional policy for the URL input field. Keyboard input, site navigation, file upload/download, clipboard, session persistence, screen marking, print watermark, video conferencing mode, and context menu items are all displayed.


condition

Set conditions such as location and time for the access environment to be used in policy judgment.

Location Conditions

  • All Locations(Default): Apply policy at all locations without specific location conditions
  • Select Registered Location: Select from the locations registered in the conditions section of the Security365 Management Center.
  • [+Location Registration]: Click to add a new location condition
  • Exception Selection: Use to exclude a specific location among the selected locations.

Time Condition

  • All Time(Default): Always apply policy without specific time limits
  • Select Registered Time: Select from the registered time in the conditions section of the Security365 Management Center.
  • [+Time Registration]: Click to add a new time condition
  • Exception Selection: Use to exclude a specific time zone from the selected time.

The location and time conditions can be registered/deleted/edited in the [Condition Items] menu of the Security365 Management Center.


Execution Policy

Access Policy

  • Access Denied: Completely block server access under the given conditions
  • Access Allowed: Allows server access and enables the configuration of additional authentication methods

Additional authentication methods(Can be set only when access is allowed)

  • Not in use: Accessing the target without additional authentication
  • Email Verification: The authentication code input window appears and authentication proceeds (Time limit: 5 minutes)
  • OTP Authentication: Initial registration with QR code and recovery key instructions, proceed with authentication by entering the authentication code after registration.
  • Passkey (WebAuthn) Authentication: A method of additional authentication that verifies the user using passkeys registered on the user's device, such as fingerprints, PINs, and security keys. It offers a higher level of security than email and OTP authentication, allowing for quick access through biometric authentication alone without the need to enter an authentication code.
    • ① Show additional authentication modal: When accessing a target server (or desktop) with passkey additional authentication set up, a screen will appear at the top.Additional AuthenticationA modal will be displayed. "For secure access, identity verification is required using a passkey (fingerprint, PIN, security key, etc.)."**[Authenticate]**A button is provided.
      • Passkeys have a higher security requirement than other two-factor authentication methods, so the authentication window must be opened as a popup. This modal is for the user’s**Click (Gesture)**Steps to open a popup to bypass the browser's popup blocker.
    • ② Biometric authentication process: **[Authenticate]**Clicking will open an authentication window (popup) and display the message "Authenticate with security key or biometric program." You will proceed with identity verification using the registered passkey on the device through fingerprint, PIN, or security key on the OS authentication screen such as Windows Security.
    • ③ Access Permission: If authentication is successful, the authentication window will close and access to the target server will be allowed.

Other Matters— Passkey authentication requires that the user's identity has a passkey (passwordless) credential pre-registered. If the authentication window does not open or authentication continues to fail, please request SOFTCAMP to check the registration status of the passkey (passwordless) credential.

Isolation Security Policy

Set policies to control user actions on the server. The items provided vary depending on the type of the target server.

itemWebSSHVNC / Telnet / RDP
Keyboard Input
Site Navigation
File Upload
File Download
Clipboard Access
Session Maintenance
Screen Marking
Print Watermark
Video Conference Mode
Context Menu

Detailed Behavior Control Items

Keyboard Input: When blocked, the message "Input is prohibited by policy." will be displayed at the bottom center.

Site Navigation(Web type only): Access to domains other than the blocked one is not possible. When accessing a blocked site, you will be redirected to a page that says "This action is prohibited by policy."

File Upload(Web, SSH type only): When allowed, file extension restrictions and storage (my PC file folder / SHIELDGate file folder) settings can be configured.

File Download(Web, SSH type only): When blocked, it redirects to "This action is prohibited by policy." guidance page. When allowed, file extension restrictions and storage settings can be configured.

  • My PC file folder: Downloading files to the user's local PC
  • SHIELDGate File Cabinet: Save files to SHIELDrive storage (storage can be specified)
  • SHIELDViewer: Preview and download. Sub-options: PDF download / Original download / CDR download

Clipboard Access: Controls copy/paste direction between the isolated browser and the user PC. When blocked, a message "Clipboard usage is prohibited by policy." will be displayed at the bottom center.

Session Maintenance: When activated, idle time settings are available. After the idle time elapses, a first notification will be given, and the screen will be locked. You can return to the work page using the 'Refresh' button.

Screen Marking: When activated, it displays a watermark containing the username and email information on the screen. It is used to prevent data leakage and enhance accountability tracking.

Print Watermark(Web type only): When activated, it displays a watermark containing the username and email information on printed output.

Video Conference Mode(Web type only): Activate when using the web management console that requires video conferencing. When activated, the SHIELDGate shortcut feature is not provided.

Context Menu(Web type only): Controls the menu items displayed on right-click of the mouse individually ON/OFF by target area.

⚠️ SHIELDGate file box (SHIELDrive storage) usage requires that the member be assigned to the SHIELDrive storage.


Policy Settings

  • use: The policy is activated and works immediately
  • Not in use: The policy is disabled and does not operate.
  • Expiration Date: When checked, the calendar is activated to select the start date and end date to set the duration. If not set, it operates indefinitely.

Policy Application Priority

If multiple policies conflict, the policy with a higher priority (a smaller number) will be applied. You can adjust the priority by dragging and dropping in the policy list.

Priority Quick Move

  • Move to top / Move to bottom: Move instantly to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location

⚠️ Priority changes are not possible when search filters are applied. Please proceed after clearing all filters.


Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Download All: Save all registered policy information as an Excel file
  • Download Search Results: Save only the results with the current search filter applied as an Excel file

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.