AppsCo supports different company policies that can be enabled on a company level for all managed users (users with a username including a company verified domain). There are two types of policies in AppsCo: Enforcing and Informational.
An enforcing policy is enforced on all company users in order to restrict certain types of behavior while informational policies are used to inform the users or more often admins about different breaches and unwanted behavior.
Select your company from the drop-down on the top, click on the burger menu and choose Policies from the navigation.
AppsCo supports several policies that you can activate for your company.
- Enforce two-factor
This policy forces all managed users to enable two-factor authentication on AppsCo. Once you enforce this policy all managed users in your company will be prompted to set up the two-factor authentication if it is not already enabled.
- IP whitelist
If you wish to allow your managed users to log in only from approved IP addresses, you can enter the values here. If there are multiple IP addresses that you wish to whitelist, separate them by commas. Once the IP addresses are entered, your managed users will not be able to log in from any other IP.
- Disapprove personal dashboard
You can turn on or turn off the personal dashboard for your managed users. If you turn off the personal dashboard, your managed users will no longer be able to view, add and share private resources and use their private dashboard. This does not mean that the personal dashboard and resources on it will be removed, just not accessible to managed users.
- Disapprove adding resources
Turning on this policy will disable the users from adding resources on their personal dashboard. This can be useful in case you do not wish to completely disapprove the personal dashboard, just disable creating non-company applications.
- Disapprove create company
You can decide if managed users will be able to create other companies on AppsCo while logged in with the email which has domain managed by your company.
- Disapprove mobile login
When this policy is turned on, all login attempts from the mobile devices will be blocked. When this policy is enabled, managed users will not be able to log in from any mobile device.
- Block TOR
By enabling this policy you will prevent the users coming from TOR browsers and anonymous networks from logging in.
- Ignore signature verification
Some of the Identity providers change their SAML assertion parameters often and without a prior warning which can cause the login to AppsCo via an external IdP to fail without an explanation. By enabling this policy you allow the users to log in using SAML assertion without a valid signature. This means that users will be able to log in since this policy is purely informational, but admins will be warned about the breach/issue and will be advised to act as soon as possible and replace the parameters in question. However, it is not advised to enable this policy on production instances.
- Login time restriction
This policy enables the company to set up a time restriction and define in which period the login to AppsCo is allowed and in which not. By setting up a time zone and a time period the company defines when the login is allowed. Admins will be able to log in at any time, regardless of the time restriction policy.
To enable any of the policies, just click on the enable button on the card and then confirm that you wish to enable the policy. Keep in mind that some policies like IP whitelist or Login time restriction require additional settings before you enable them. You can define the settings in the info section to the left in the Settings tab.
If you have any questions, please send us an email to firstname.lastname@example.org.