How to create a rule for app banners
You can use rules in the Push admin console to set conditions for how app banners are displayed to employees.
By using rules, you can:
Show a banner message to only specific employees or employee groups.
Set different banner modes for different groups.
Apply a banner based on an app’s sensitivity level, approval status, or custom label.
Set banners on a custom list of URLs, such as for a group of valuable code repositories.
And others.
Common use cases include:
Blocking a recently breached app while you investigate the incident.
Blocking all unapproved apps.
Blocking Team A from using an app while allowing Team B to use it.
Showing one message to employees and a different one to administrators of a tool.
Creating an employee group for testing purposes and restricting app banners to just that group.
Creating localized messages for teams who speak multiple languages.
Create a rule
From the Controls page in the Push admin console, go to the App banners tile and then select Add rule to get started.
First, select the banner Mode. To see examples of each banner Mode, refer to this related help article.
Note: The mode type of Show no banner allows you to set conditions for when a banner will not show, which supports more complex scenarios. For example, you may wish to block all employees except your security team from using a specific app.
Then set the Scope (all employees, specific employees, or employee groups) and whether the rule applies to all apps, specific apps, app attributes (e.g. sensitivity and approval status or custom labels), or URL patterns.
By default, app banners appear on the signup and login pages for a given app. Alternatively, you can configure a banner to display on a provided list of URLs using the URL patterns option. See Syntax for URL patterns below.

Then write your message text and use the Preview banner option to see how it will look. Note: You must have the Push extension installed to see banners.
Push will automatically create a rule name using the combination of criteria you selected. You can edit the rule name if you like.
Rule order
You can control the order in which rules are applied by setting the rule order on the configuration slideout.
Rules are executed from the top down. URL pattern rules (if used) will always take precedence over app rules.
Use the handlebars in the Order column to drag and reorder rules.

Syntax for URL patterns
If you’d like to control which URLs a banner appears on, you can set a URL pattern in the configuration slideout. By default, a banner will display on a selected app’s login and signup pages. To display a banner on specific URLs, you can enter a URL pattern instead.
After you select the Scope, choose URL patterns.

Then enter the URL(s) where you wish to display the banner.
When adding URLs to your list, you can use a wildcard * (star / asterisk character) to partially match website domains.
For example, *.example.com will catch any subdomains of example.com.
Note: URL match patterns do not support the syntax *.example.*. You must use the syntax *.example.com or *.example.org if you wish to have a wildcard for subdomains.
To catch all pages on a domain, use the syntax example.com/*. You can combine these two approaches to catch all pages and all subdomains by using the syntax *.example.com/*.
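The following script is an added example, not Push's code or its actual matcher: it lints a pattern list against the syntax rules above and reports which sample URLs each usable pattern would cover, so gaps show up before the list is entered in the console. It assumes patterns are written as host[/path] without a scheme, that * behaves as a plain glob (so *.example.com does not cover example.com itself), and that a pattern without a path part covers only the site root; the function names and sample URLs are constructed.

```javascript
// Added example: local pre-check for banner URL patterns (not Push's matcher).
// Assumptions: patterns are host[/path] with no scheme; "*" is a plain glob;
// a pattern with no path part covers only the site root.
function splitPattern(pattern) {
  const slash = pattern.indexOf("/");
  return slash === -1
    ? { host: pattern, path: "/" }
    : { host: pattern.slice(0, slash), path: pattern.slice(slash) };
}

// Turn a glob into an anchored regex: escape metacharacters, then "*" -> ".*".
function globToRegex(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$", "i");
}

// Report patterns the documentation says are unsupported, e.g. *.example.*
function lintPattern(pattern) {
  const { host } = splitPattern(pattern.trim());
  const problems = [];
  if (host === "") problems.push("missing domain");
  const labels = host.split(".");
  if (labels.length > 1 && labels[labels.length - 1].includes("*")) {
    problems.push("wildcard top-level domain is not supported");
  }
  return problems;
}

// Compare hostname and pathname only; the query string is ignored.
function matches(pattern, url) {
  const { host, path } = splitPattern(pattern.trim());
  const u = new URL(url);
  return globToRegex(host).test(u.hostname) && globToRegex(path).test(u.pathname);
}

// For each URL, list the usable patterns that cover it; an empty list is a gap.
function coverage(patterns, urls) {
  const usable = patterns.filter((p) => lintPattern(p).length === 0);
  return urls.map((url) => ({ url, coveredBy: usable.filter((p) => matches(p, url)) }));
}

// Constructed sample data.
const patterns = ["*.example.com/*", "example.com/*", "*.example.*"];
const urls = ["https://git.example.com/org/repo", "https://example.com/login",
  "https://example.org/login"];
for (const row of coverage(patterns, urls)) {
  console.log(row.url, "->", row.coveredBy.join(", ") || "NOT COVERED");
}
```

Under these assumptions, a list that should cover a whole domain needs both example.com/* and *.example.com/*.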
Sample rule logic
Here are some examples of how you can configure rules for common use cases:
Use case | Rule logic |
---|---|
Block an app while you investigate a potential incident. | Mode: Block Scope: All employees Using: Apps > Select the specific app under investigation |
Block all unapproved apps. | Mode: Block Scope: All employees Using: App attributes > App approval status > Not approved |
Exempt security administrators from being blocked by a banner while blocking everyone else, for a given app. | Mode: Block Scope: Employee groups > Exclude > Admins group Using: Apps > Select the specific apps |
Create a group for testing app banners before rolling out to everyone. | Mode: (Select the mode you want to test) Scope: Employee groups > Include > Test group Using: Apps > Select the specific apps |
Communicate a security policy for specific code repositories. | Mode: Inform Scope: All employees Using: URL patterns [Enter the specific URLs] |