Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
Security settings in a mobile app policy
Atlassian cloud mobile apps support an organizational mobile app policy to apply additional security settings to the apps.
Mobile app policy is supported by the Jira Cloud, Confluence Cloud, and Opsgenie mobile apps for iOS and Android.
This table describes each security setting you can configure for the Jira Cloud, Confluence Cloud, and Opsgenie mobile apps and gives a more detailed explanation of how they work. Learn what end users experience when a policy is created.
Security setting | How it works |
|---|---|
Apply policy to | |
All users with access to your organization’s products | Your policy applies to all users – both managed and unmanaged – within your organization, including any new users that are added after the policy is created. |
Specific users | Your policy only applies to the users you select. These users must have managed accounts. |
App data protection | |
Disable sharing, saving or backing up content from the mobile app | Users cannot perform actions that would allow content to be:
|
Disable screenshots and screen recording of the mobile app |
You can only disable screenshots with iOS 16 and below in a mobile app policy. Apple no longer supports disabling screenshots for iOS 17 and above. |
Disable cutting or copying content from the mobile app | Users cannot cut or copy content from the mobile app. |
App access requirement | |
Block compromised devices | The mobile app runs a series of checks to verify the integrity of the device. If it is compromised, users are prevented from accessing your organization's content within the app. Android devices require Hardware-backed Keystore to access the content. Atlassian reviews and updates the checks regularly to address new device exploits. |
Require data encryption | iOS devices and most newer Android devices are encrypted by default. Users of older devices must enable encryption. If the device cannot be encrypted, they will not be able to use the mobile app on that device. |
Require biometric authentication or a device passcode | Users must have a passcode/Face ID/Touch ID (for iOS) or screen lock (Android) enabled on their device. Users need to authenticate when they open the mobile app and if the mobile app has been in the background for more than 2 minutes. |
Require a minimum OS version | Require minimum OS version (or higher) on the user device. Supported versions are:
|
Override any IP allowlists to allow access from Jira and Confluence mobile apps | Overrides Atlassian cloud IP allowlists, allowing the Jira and Confluence mobile apps to access your content from any IP address. The mobile app runs a series of checks to verify the authenticity of the app to ensure it was downloaded from a genuine app store and is not modified. Note: We encourage administrators to also enable Block compromised devices when using this setting to enable device integrity checks. |
Was this helpful?