Create a Real-time Protection Policy for Private Apps

Create a Real-time Protection Policy for Private Apps

Private apps are not steered by default, so a user is not notified when that private app is inaccessible. Policies are required to log events and enable access to Users, Groups, or OUs. Use Real-time Protection policies to:

  • Grant access to a private app for users, groups, or OUs.
  • Block access and notify the user(s) why access is denied.
  • Block access but provide instructions to gain access, such as contacting IT or upgrading a device.
  • Use a DLP profile to get Page Events, Alerts, and DLP Incidents data for private apps.

For a specific private app, you may want to have one policy that grants access for a defined set of users, and then use a second policy that blocks and notifies users who don’t have access.


Client restarts no longer occur when policy updates are made.

To create a Real-time Protection policy for private apps, use one of the two following methods:

Allow or Block Access to Private Apps

  1. Go to Policies > Real-time Protection.
  2. Click New policy and select Private App Access.
  3. For Source, select the Users, OU, or Groups for which you want to grant access to the private app(s).
  4. For Destination, leave Private App and select a private app from the dropdown list (like JIRA).
  5. For Action, select Allow to grant access. To deny access, select Block, select a policy notification template from the dropdown list, or create one.


    Netskope Private Access doesn’t send block notifications for each attempt to access the blocked private app. The block notification only appears once, on the first attempt. After that, the block notification for the private app won’t appear again.

  6. Give the policy a name (like Allow All Users to access JIRA), and then click Save.
  7. Click Apply Changes.
Share this Doc
In this topic ...