Configuring security policies for your apps
Blue Cedar policies protect your apps and data. You can use the REST API to configure the options for the policies when you apply them to your apps.
- Use profiles to define a set of policy details. See Policy profile structure.
- Specify policies and associated profiles when you secure the apps. See Securing apps with the REST API.
You can retrieve a list of available policies with GET app-policy/catalog. The following sections describe each policy, the parameters that you can set for each policy, and the API resources available to set and retrieve policy and profile information.
Each policy's behavior is described in detail on the pages linked below. See API Resources for details on all available resources.
Applying policies
Use POST app-market/policy to apply policies to an app. When applying policies, use one (or both) of these methods to specify each policy:
- The appropriate policy code from the following table.
- The GUID for the policy.
Note: You must apply the MAP.Next policy to use any of the other Blue Cedar policies. It does not have its own features, but it enables the other policies. The only exception is Master policy—it applies the MAP.Next policy if you do not.
| Policy name | Policy code |
|---|---|
| MAP.Next | POLICY_CODE_MAP_NEXT |
| App Customization | POLICY_CODE_APP_CUSTOMIZATION |
| App Store Compatibility* | POLICY_CODE_APP_STORE |
| Client Certificates | POLICY_CODE_CLIENT_CERTS |
| DAR Encrypted Data at Rest | POLICY_CODE_DAR |
| Data Sharing | POLICY_CODE_DATA_SHARING |
| Integrity and Posture | POLICY_CODE_DEVICE_POSTURE |
| Diagnostics | POLICY_CODE_DIAGNOSTICS |
| End User License Agreement | POLICY_CODE_END_USER_LICENSE_AGREEMENT |
| FIPS 140-2 module* | POLICY_CODE_FIPS_MAP_NEXT |
| Local App Authentication | POLICY_CODE_LOCAL_AUTH |
| Master policy profiles | POLICY_CODE_MASTER |
| Browser Configuration | POLICY_CODE_MOCANA_BROWSER |
| Secure Microtunnel | POLICY_CODE_SECURE_CONNECTION |
| Secure Web Stack | POLICY_CODE_SECURE_WEB_STACK |
| Signing profiles (API) | POLICY_CODE_SIGNING |
| Trusted Server Certificates | POLICY_CODE_TRUSTED_SERVER_CERTS |
* The App Store and FIPS policies do not use profiles; they are only enabled or disabled.