There are two paths to create Master policy profiles in the policy console web interface:
- From the App details page, create and enable a selection of individual policies, and save that set as a master profile. Select the checkbox next to Save as master profile and enter a profile name in the text box.
- On the Master Policy details page, create or edit a master profile, then enable and select individual policies. (Get to the Master Policy details page from Policies > Master Policy or from Apps > iOS or Android, click on an app, then click the settings gear on the Master panel.)
See Managing policy profiles (UI) for general information about managing policy profiles.
To create a master policy, create a master policy profile composed of individual policies. Enable the individual policies and associated profiles.
Click Policies > Master Policy. The Policy details page appears, where you can create a new master profile or edit an existing profile.
On the Policy details page, click + Master Profile to create a new profile, or click the pencil icon next to an existing profile to edit it.
On the Profile details page, enter the Profile name and description.
Enable the individual policies that you want to use, and choose the profile for each one.
Policies with no defined profiles appear under Add more profiles. Click on the desired policy to go to the policy details page and create a new profile from there.
Select any Miscellaneous options.
|Enable App Store Compatibility||Allow iOS apps to be distributed via the Apple App Store. See Securing apps for app store compatibility|
|Enable FIPS policy||Apply the FIPS policy, which performs a power-up self-test to check that Blue Cedar cryptography has not been tampered with. See FIPS 140-2 module.|
|Skip Early Initialization Deferral|
Applies to iOS apps only. This setting disables part of the Blue Cedar solution to defer code that executes too early. It is intended for troubleshooting apps that have issues at startup. For some apps, there may be unintended consequences if this option is checked. Only skip deferral when instructed by Blue Cedar Support.
When you are done configuring the Master profile, click Save changes. This profile is now available to use with any app.
Applying the Master policy
Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.
Under Select a master policy, click the triangle to expand the Master panel.
Select "Enable Master policy." Enabling the Master policy disables the individual policies listed below "Policies to apply."
Choose the Master Profile from the menu.
You can choose a signing profile when you apply the policy on the App details page, but this option is not part of the Master profile.
Click Apply Policies.
Duplicating and exporting master policies
Although most profile actions work the same way for master policies as for individual policies, there are a few details to notice.
When duplicating a master profile, the new copy does not copy the individual profiles. Instead, it includes references to the same individual policies as the original master profile . If you edit a Secure Microtunnel policy profile, the changes show up in any master profile that uses the same Secure Microtunnel policy profile.
When exporting a master profile, the downloaded zip file includes copies of each of the individual profiles as well as the master profile JSON.
When importing a master profile, the master profile and included profiles are named with Imported Profile and a timestamp to avoid duplicating any profile names already used on the policy console.