Page tree
Skip to end of metadata
Go to start of metadata

From the Policies page, you can modify the default settings that display on the Policies tab for an app (available when you display an app's Details page) before any changes are applied to that app. These defaults represent your organization's standard set of security policies. You and other administrators can alter policy settings, as necessary, when applying policies to a specific app.

For a description of each app policy, including an overview of the mobile user's experience, see Application Policies.

If you or another administrator changes the default settings at a later time, it has no effect on policies that have already been applied to an app.

To set the application policy defaults for your organization
  1. On the Admin Portal navigation bar, click Policies.

  2. Click the right arrow by each policy to expand the list of options and then select the desired defaults. Note the behavior described in the following table. Defaults are set as soon as you select them; you do not need to apply your changes.

    The default options that you select will display on the Policies tab for an app only when the policy is enabled by default. For example, if you enter a minimum length and maximum age rule for the Local App Authentication policy, you will see those entries on the Policies tab only if you selected the Enabled by Default check box for the Local App Authentication policy on the Policies page.

    Defaults set on the Policies page will not display on the Policies tab for an app that already has policies applied to it.

    If you enable this policy by default...Then...
    Open Web Page
    1. Select the number of times the user needs to open the application before a browser window will automatically open to a specified URL.
    2. Enter the URL for the web page that will open. Enter the URL in this form: Scheme://Domain/Path. The Scheme can be http or https.

    For example, the following settings specify that the page will display after a user opens the app 10 times.

    When you apply this policy to an app, you can override one or both of these default settings.

    Apple On-Demand VPN (for iOS apps only)

    You cannot enable both this policy and the Pulse Secure VPN or Secure Microtunnel policy.

    If this policy is not listed, it means the feature is disabled for your organization. If you are interested in using this policy, contact Apperian Customer Support at

    Optionally define a default VPN configuration profile that will be added to the device when the user launches an app wrapped with this policy for the first time. For details, see Apple On-Demand VPN Configuration Profile Settings. You will be able to modify this default connection when you apply the policy to a specific apps.

    Pulse Secure VPN (for iOS apps only)

    You cannot enable both this policy and the Apple On-Demand VPN or Secure Microtunnel policy for the same app.

    In the Connection URL field, modify or enter the URL for your Pulse Connect Secure VPN gateway.

    App Password (for iOS apps only)
    1. Select the minimum number of characters required for the password. (Valid Values: 6-16)

    2. Select password complexity requirements. Password complexity requirements are shown in the image below. (Valid Values: 0-10)

      When you apply this policy to an app, you can override these default settings.

    Secure Microtunnel

    You cannot enable both this policy and the Apple On-Demand VPN or Pulse Secure VPN policy.
    You cannot enable this policy until you have created one or more VPN connections. For instructions, see Create a VPN Connection. Add all the VPN connections you want administrators to be able to choose from when applying this policy to an application. The first VPN connection in the list will be selected by default when applying this policy on the Policies tab. Use the control buttons to move a connection up or down in the list.

    14Dec2016 Set Application Policy Defaults

    Local App AuthenticationModify the default passphrase settings as desired. Optionally, enable/disable Allow fingerprint authentication. See Local App Authentication Policy Options for details.
    Client CertificatesWhen this policy is applied to an application, it obtains a client certificate from your Atlas Gateway server and stores it on the user's device. Enter URL Matching Rules to define which sites are presented with client certificates and which are not. If you do not specify URL Matching Rules, a certificate will be presented to any site that the app attempts to access. White List Exceptions rules are processed before any White List rules.
    1. Under White List Exceptions, add one or more exception rules. The client certificate will not be presented to any sites that match the exception rules.
    2. Under White List, add one or more white list rules. The client certificate will be presented to a site that matches a white list rule, unless that site also matches a white list exception rule. 

    When adding rules, follow these guidelines:

      • In the Host Pattern field, specify a matching pattern for the host name. The pattern must start with http:// or https:// and can include a wildcard (*) anyplace else in the pattern. 

        Example: http://* matches and

      • In the Port field, specify a port number. Use a wildcard (*) anyplace in the port number, or use * alone to specify any port on the host. If empty, Port defaults to port 443 (HTTPS).

    Server Certificates

    Click the Upload New Certificate button to upload one or more X.509 certificates. Be sure to upload all the root certificates and any intermediate CA certificates your apps will need to trust accessed site(s). When you apply this policy to a specific application, you can then choose from the list of uploaded certificates to select the certificates that app will need. Use the checkboxes to identify which certificates will be selected by default on the Policies tab when applying this policy.

Apple On-Demand VPN Configuration Profile Settings

Fill in the form to define a default VPN configuration profile that will display on the Policies tab when you select the Apple On-Demand VPN policy. When applying the policy to a specific app, you can use the default configuration profile as is, or modify fields as necessary.


Profile Name

Enter a name for the VPN configuration profile. This name will display on the Settings->General->VPN page of the device when the VPN configuration is added.

Profile DescriptionEnter a brief description of the VPN profile.
VPN ServerEnter the address of the VPN server. The address can be a numeric IP address or a fully-qualified host name.
Pre-shared KeyEnter the IPsec PSK (shared secret) to be used by IKE during the authentication phase.
Key Id/VPN Group

Enter the IPsec identifier or VPN group name.

IKE VersionSelect the IKE (Internet Key Exchange) version: 1 or 2. IKE version 1 or 2 is the protocol used to set up a security association in the IPsec protocol suite.

Local App Authentication Policy Options

For the Local App Authentication policy, set the following options to define the criteria of the user-set passphrase.

Passphrase Settings

Minimum Length


Specify the minimum number of characters required for the passphrase.

Valid values: 6 to 16




If you want the app session to time out after a period of inactivity, select this option and select a number of minutes of inactivity. If the app is inactive for a period of time greater than this setting, the app times out and the user is prompted to re-enter the passphrase to re-open the app.  

Valid values: 1, 2, 3, 4, 5 - 60 (in increments of 5)


Select any of the following passphrase requirements:

  • At least one alpha character
  • At least one number
  • At least one special character
Maximum Age RuleOptional

Specify the interval at which the user must change the passphrase.

Valid values: once a day, every other day, once a week, once a month, every other month, every six months, once a year.

Optionally, set a reminder for a number of days before expiration.

Valid values: 0 to 7


Specify the number of previously-used passphrases that the system will remember. A user cannot repeat a passphrase stored in this passphrase history.

Valid values: 3 to 10

Fingerprint Authentication Settings
Allow fingerprint authenticationOptional

Select this option to allow a user to authenticate with a fingerprint. The first time the user launches the app, the user will need to set a passphrase, but on subsequent launches he/she will be able to authenticate with a fingerprint. If the user cancels the fingerprint authentication dialog, then the user will be prompted to enter the passphrase.

Authentication using a fingerprint is supported only on devices that allow for fingerprint scanning.

  • No labels