Policy Notification Templates

Policy Notification Templates

You can use the templates to customize different notification pages shown to the users, plus use your company logo so it appears in all the pages. The templates help you guide your users when you:

  • Customize block and alert user notifications
  • Customize email notifications
  • Add custom images

You can create new templates, use the default templates, and preview templates by clicking Policies and scrolling down to the Templates section. Select the type of template you want to create. After creating these templates, you can use them in your policies. You can further customize the template by adding justifications, text, configure action buttons, and redirect users to specific URLs.

You can also customize templates by adding variables, when available, for subject and message. Options include: Application name, Category name, URL accessed by user, Domain accessed by user, Activity performed, Triggered policy name, User Email/File Owner, Application Instance, and File name. 

User Notification Template

User notification templates enable you to block a user action and/or send an alert to the user. These templates can be customized to provide specific information and options in an alert or block notification. You can provide a justification dropdown list for your users and also display a description box to provide a justification. Optionally, you can make the justification text optional.

When an action is blocked for applications accessed through the reverse proxy method, the end user should typically see the block template. However, there are instances where certain applications (for example: ServiceNow), when accessed via the reverse proxy method, display an error message instead of the Block template when the action is blocked.

There are also options for users to include, stop, or proceed after providing a justification. In addition, you can use the Insert button to add Netskope template variables and custom images.

Tip

When the justification options are disabled, the user can dismiss the notification or let the page time out. When the user lets the page time out, the generated alert for the blocked transaction lists “Notification timed out. Canceling the activity” in the Justification Reason field.

  1. Go to Policies > Templates > User Notifications. Click New Template.
    UserNotificationTemlate.png
  2. Enter a name, title, and message, and then choose the options you want, like block or alert, justification, etc. Some options, like Message, Subtitle, and Redirect End Users to the Following URL Automatically have variables you can select from a dropdown list.
  3. To translate the notification in a specific language, enable the Localization toggle and select a language from the dropdown list. Localization is based on the browser LOCALE settings.
    UserNotificationL10N.png
  4. Select Import to get a sample template that you can use to upload further customized notification messages.
    UserNotificationImport.png
  5. Click Sample Template to download a template, customize it, and then upload it by dragging and dropping it, or clicking Select File.
    UserNotificationL10nTemplate.png
  6. When finished, click Import.
  7. Click Save.

To specify how to deliver the notification (by Client or Browser for Cloud Apps and Web Traffic), click the gear icon to open the Settings dialog box.

UserNotificationSettingsButton.png

All user notification templates use these global settings.

Specify a Client or Browser method for both Cloud Apps and Web Traffic, and then enter the number of seconds (up to 600) that you want the pop-up notification to be shown to the user when you set User Alert or Block as a policy action. The default is 60 seconds. When finished, click Save.

PolicyTemplates_2.jpg

(Optional) This feature is only applicable if the notification delivery method is Client. In the Mute tab, you can control how long repeat notifications are suppressed after the initial notification. The range is from 1 minute to 48 hours, and can be applied to action blocks or user alerts.

Important

Netskope Security Cloud blocks the user’s access based on the configured policy and the request URL without waiting for the response packet or the redirect from the website.

For example, a user tries to access http://www.box.com, but the server returns a 3xx redirect response with the Location header redirected to https://www.box.com. Netskope immediately blocks the user’s access without waiting for a response packet from https://www.box.com.

The notification for browse access (browse activity only) using websites is  delivered within the browser regardless of the configured option on the Netskope UI.

For native app traffic, the notification popup is displayed through the Netskope client. In addition, for non-browse activities (e.g. upload, download, post, etc.) app/category block policy the notification popup is displayed based on the admin selected notification delivery mechanism.

Go to Settings > Mute to control how long repeat notifications are suppressed after the initial notification. Keep in mind that this is only applicable if you selected Client as the notification delivery method. The range is from 1 minute to 48 hours.

The following describes the suppression configuration options: 

  • For DLP and Threat Protection Policies, Block and User Alert both have a minimum mute time of 1 minute that can be extended up to 48 hours. This is applicable for both native apps and non-native apps.
  • For Other Policies (non-DLP), refer to the table below for more information.
    Native AppsNon-Native Apps
    Block1 minute to 48 hours
    (Default 1 Minute)
    Block1 minute to 48 hours
    (Default 1 Minute)
    User Alert1 minute to 48 hours
    (Default 30 Minutes)
    User Alert1 minute to 48 hours
    (Default 1 Minute)

Click Apply Changes to use this user notification in a policy.

Email Notification Template

You can use email notifications to let users know when they’ve triggered a policy violation.

To create an email notification template:

  1. Go to Policies > Email Notification.
  2. Click New Template and then Real-time Protection or API Date Protection for the policy violation type.
    The New Template button on the Email Notification Templates page.
  3. In the Create Email Notification Template window:
    • Template Name: Enter a name for the custom email template.
    • Subject: Enter the title or subject of the email sent to users.
    • Message: Enter HTML code to customize the email notification, or click Insert Variable to add variables to the notification. Depending on the type of policy violation, you can add the following variables:
      • Real-time Protection
        • Triggered policy name
        • Admin Email
        • Email Recipient
        • Timestamp in UTC
        • SMTP Recipients
        • SMTP Message ID
        • SMTP Message Size
      • API Data Protection
        • Create New
        • Application name
        • Activity performed
        • Triggered policy name
        • User Email/ File Owner
        • Admin Email
        • Policy action
        • Application Instance
        • File details
        • Email Sender (Gmail and Microsoft Outlook only)
        • Email Recipient (Gmail and Microsoft Outlook only)
        • Email Type, Body or Attachment (Gmail and Microsoft Outlook only)
    The Create Real-time Protection Email Notification Template window on the Email Notification Templates page.
  4. Click Save. Click Apply Changes to use this email notification in a policy.
  5. Click Apply Changes to use this email notification in a policy.

You can select this email notification template when configuring your Real-time Protection and API Data Protection policies.

Custom Images

Custom images, like your company logo, can be added using the Upload Custom Image window. These images can be added to all the other templates described in the following sections.

Acceptable logo sizes are:

  • 48px for small
  • 64px for medium
  • 128px for large

This logo size is applicable only if the company logo/custom image height is greater than the selected size. If the original logo size is less than the selected size, it will display the original image. For example, if the uploaded image height is 55px and if the selected size is medium (64px), the system will display the original image only (55px). However, if the selected size is small (48px), the system will shrink the image and its size will be 48px.

Go to Policies > Templates > Custom Image. Click New Image, and then Select File to upload the image.

When finished, click Upload.

Single Sign-On

This template is available for Client Enforcement using single sign- on.

Client enforcement allows you to implement cloud security by making sure the user traffic is always steered through Netskope. You can implement client enforcement by integrating with single sign on or by using Netskope as the SAML proxy.

By default, when you are enforcing a client, users are automatically redirected to the download page to download and install the client.

You can also choose to show a custom page to the users to provide more information on the company security policy without redirecting them to the download page.

Share this Doc

Policy Notification Templates

Or copy link

In this topic ...