Skip to main content

Welcome to our updated site!

Skyhigh Security

Configure Private Access Policy Rules

Configure the policy rules to enforce controlled access on the private applications. You can create private access policy rules by applying criteria, operator, value, and action. You can define up to five levels of nesting within a parent rule. You will see an error if you don't enter the rule name or when the rule name exceeds 200 characters. The nested rule can themselves contain other nested rules, resulting in a hierarchy of rules. 

Skyhigh Private Access applies the access policy rules using the first-match principle and runs from top to down.  The rule set evaluates to true or false based on the criteria, value, and action specified in each rule. So make sure to provide valid inputs in all these fields. Rules are triggered when all their conditions are evaluated to true. Within a parent rule, you can use drag and drop to move a rule from one level to another level.  

Note: Before creating an access policy rule, you should first configure the device profile and private applications.

To create a Private Access Policy:

  1. Go to Policy > Access Control > Private Access Policy.


  1. Click New Rule.
  2. Complete the following fields to create an access policy rule:
    • Name — The name of the policy.
    • Criteria — Select a criteria from the list and click OK. You can specify multiple criteria for a single rule. You can also view the logic used for the selected criteria.
      NOTE: Select device profile as the criteria to validate the device posture. 
    • Operator — Specify the operator for the selected criteria. 
    • Value — Specify the value based on the set criteria. 
    • Action — Specify the action to be performed when a policy is enacted.
      • Allow — Allows private application traffic.
      • Block — Blocks private application traffic.
      • Allow Web Policy — Applies the configured Web Policy rules to the private application traffic.
      • Allow with DLP — Applies web policy rules along with the DLP rules to the private application traffic.
      • Isolate — Applies Remote Browser Isolation to the private application traffic.
      • Enter — Creates a new child rule. 
    • On/Off — Select On to enable a rule and Off to disable a rule. Click threedots.png to view options such as Add New Condition, Add Nested Rule, and Delete.
      • Add New Condition — Adds a new condition (criteria). Select a criteria from the list and click OK. You can specify multiple criteria for a single rule. You can also view the logic used for the selected criteria.
      • Add Nested Rule — The nestedicon.png  icon represents the nested rule. Click this icon to expand or collapse a nested rule. You can nest (up to four levels) rules inside a policy rule. You have to configure criteria, value, and action for this child rule. The Action option changes to Enter when you add a child rule. You can specify action to be performed for the child rules.


  1. Publish the saved changes to the cloud now or keep working and publish later.
    Once you publish, you can view the private access policy under the Web Policy (Policy > Web Policy > Policy > Private Access) page in the code view form.