🪚Customize policy.json

Sample policy.json

Visit: https://coauth.dev/ira/ira-policy.json

Explanation

resource_groups: You categorize the URLs into groups and give the group a name (alpha numeric and underscores only. All Urls defined in the resource groups are regex pattern. Visit https://regex101.com/ to test your pattern

conditions: This is an array / list of conditions that you want to apply on the resources that you have defined earlier.

conditions-> actions: The name explains what it does. The possible values expected here are

1. block_page (blocking of page)

2. disclaimer (show popup)

3. sticky (show sticky banner at top or bottom)

4. block_copy (block copy)

5. block_paste (block paste)

6. block_cut (block cut)

conditions->props->message: Defines the message to be shown to users on that action (title, description).

conditions->props->message->alertType: Possible values are

1. danger (red)

2. warning (light orange)

3. info (light blue)

4. success (green)

conditions->props->message->location: Defines the location of message to be shown. Possible values are;

1. top

2. bottom

*For disclaimer, the value has no effect.

conditions->resources_include: Add the resource group names that you defined earlier, for which policy should be applicable

One exception for value / constant here is <all_urls>, means that this policy will apply to any URL fired from browser except the ones mentioned in resources_exclude.

conditions->resources_exclude: Add the resource group names that you want to exclude from this policy

Ideal setup for organizations

Define resource group that you want to exclude probably based on scenarios like copy, paste, etc.

And

conditions->resources_include use constant "<all_urls>"

conditions->resources_exclude list the names of resource groups that you want to exclude. i.e all your company allowed websites

Except for block_pages else you'll end up blocking all sites

This way you are adding restrictions on all sites except known / trusted sites.