Security policies enable administrators to implement Data Loss Prevention (DLP) controls across an organization through centralized browser management. These policies can be tailored to specific teams to allow or block file transfers and clipboard operations, effectively preventing unauthorized data leaks.
When no rules are configured, or when no existing rule matches a given action, the following defaults apply:
- File downloads, File uploads, Copy to clipboard, Paste from clipboard — default behavior is Allow, meaning no restrictions are active.
- Camera, Microphone — default behavior is Ask, which follows standard browser behavior by prompting the user for permission on each site.
The Ask default for Camera and Microphone may appear inconsistent compared to the other actions, which default to Allow. This reflects how browsers natively handle device access permissions. As more browser-controlled actions are added to Security policies over time, this pattern will become more apparent.
When creating a new policy, administrators can choose a policy action (either Allow or Block) for selected user actions on specified destinations. This flexibility lets you, for example, allow microphone and camera access only on approved video conferencing domains while blocking those actions everywhere else.
How to set up NordLayer Browser security policies?
Before getting started, you'll need to enable NordLayer Browser under the Platform Solutions tab as a prerequisite.
- Navigate to Platform solutions and select NordLayer Browser.
- Select Security policies from the submenu.
- Click the Create policy button.
- In the opened window:
- Enter a security policy name (it must not exceed 100 characters)
- Select which teams the policy applies to (you may select multiple teams)
- Choose a policy action: Allow or Block
- Tick the user actions the policy applies to:
- File downloads
- File uploads
- Copy to clipboard
- Paste from clipboard
- Microphone
- Camera
- Choose Any to apply the policy to all destinations, or choose Specified destinations to define specific domains and/or IP addresses.
If using Specified destinations, enter the domains, subdomains, wildcards, and/or IP addresses where the policy action will apply. You may list up to 100 entries. The correct format for destinations should be *example.com, .example.com, or 172.100.2.10. There is no need to include "https://" or "www" at the beginning of the domain name. All destinations must be separated by commas or spaces.
- When you're finished configuring the policy, click Create policy to save your changes.
Security policies can be created at any time, but they only take effect when the browser is enabled and running.
- There is a limit of 200 policies per organization.
- Policies are applied according to priority, from top to bottom.
- When users belong to multiple teams, the most restrictive policy applies.
- Creating a rule that combines Allow as the action, Camera and/or Microphone as the selected user actions, and Any as the destination is not supported. If you attempt this combination, a warning will be displayed and the rule creation will be blocked.
NordLayer Browser continues to evolve based on user feedback and organizational needs. Some functionality may change as the feature develops.
Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.