App Policy
App Policies are used to enforce specific configurations and actions within applications to ensure compliance and strengthen security. These policies provide administrators with the ability to define rules and checks that apps must adhere to. They can include mandatory settings which apps cannot override, apply certain actions when checks fail, and even incorporate different severity levels for potential issues. App policies help maintain a consistent operational environment across all applications in an organization by controlling configurations and responses to non-compliance.
For details about all available policy checks see the 'Checks' section of this documentation.
Policy settings and actions at the policy check level determine how compliance issues within an application are managed and addressed. Settings define whether a policy is mandatory, its applicability, and the severity of any potential non-compliance issues. Actions specify what happens when a check fails, such as doing nothing, generating an alert, or assigning a task. These configurations ensure that the necessary controls are in place to handle rule violations effectively, maintaining application security and organizational compliance.
Policy Settings
Aside from the individual policy checks that you enable or configure, there are settings that apply to the entire policy:
Mandatory? If enabled, this policy applies to all apps in the scope (Global or Group) of the policy, and the configuration cannot be overridden by group or app administrators (for Global policies) or app administrators (for Group policies).
Ignore Marketplace modules? If enabled, policy checks will not apply to Marketplace modules.
Enabled? If set, this policy will be checked. If not, this policy will not be checked.
Severity. The severity level for this policy check. The configured level will be used when creating a check result when this check fails.
Policy Actions
When a policy check fails it is possible to configure an action to take. This action will only occur once per failure of a specific check type. If there are multiple check results for a given check type, the action will only execute once. The following actions can be configured:
Nothing. (Default) No additional action will be taken.
Alert. An alert will be generated with the details of the check type that failed and the environment. This will appear in the AppControl alerts dashboard.
Assign Task. When this check fails the selected task will be assigned. Note that if a task is assigned, it will not be assigned multiple times. If the assigned task is completed and the check fails again, a new task will be assigned. When this action is selected the following options appear:
Task library. The task library that contains the task you want to assign. Only tasks with the scheduled type 'One Time' can be selected. Note: The task libraries that are available to be selected from depends on the policy scope:
Global: Only the Global Task Library can be used.
Group: The Global and Group task libraries can be used.
App: The Global, Group and App libraries can be used.
Task to assign. The task you want assigned.
Assign task to. Which role you want to assign the task to. If the task assignment type has been pre-configured in the task template it is not possible to change it here.
Last updated