Predefined conditional rules

Ivanti Access provides a set of predefined conditional rules. These rules are automatically added to the default policy when the default policy is created. You cannot change a predefined rule. You can do the following to a predefined rule:

Delete the rule.

Change the action on the rule.

Move the rule up or down in the list.

Disable the rule.

The General Bypass rule is a special predefined rule that is automatically added to all new policies and it is the last rule in the policy. The rule cannot be moved up in the list or be disabled. You can only change the action on the rule.

Table 15.   Predefined conditional rules description

Rule name

Description

Default action

Trusted App and Device

Determines whether all tunneled applications are allowed that incude using Ivanti Tunnel, [email protected], [email protected], using AppTunnel or Ecosystem apps using AppConnect with AppTunnel.

Allow

Untrusted Apps on iPad

Blocks all applications that do not have Ivanti Tunnel VPN configuration.

 

Untrusted Apps on iPhone

Blocks all applications that do not have Ivanti Tunnel VPN configuration.

Block

Untrusted Apps on MAC

Blocks all applications that do not have Ivanti Tunnel VPN configuration.

 

Untrusted Apps on Android

Blocks all applications that do not have Ivanti Tunnel VPN configuration.

Block

Untrusted Apps on Windows

Blocks all applications that do not have Ivanti Tunnel VPN configuration.

Block

Android for Work Registration

Determines whether the untrusted devices are enabled to register for Android for work.

If your deployment is Access + Standalone Sentry, ensure that your Standalone Sentry version is 8.5.0 through the most recent version as supported by Ivanti.

Allow

iOS Native Email OAuth

Controls (allow/block) access to the IdP from iOS native email client using OAuth with Office 365.

This rule is not automatically added to the default policy.

Allow