RBI Templates
Admins can configure isolation settings to provide a mechanism to define and apply granular controls to govern the user interaction in isolated web sites for different risk scenarios (e.g. users or categories). These controls are configured defining RBI templates that can be attached to any new or existing RBI policy.
You can view all RBI templates in one place.
Navigate to Policies > Templates > RBI > click New Template. The Create RBI Template window displays.
Type a template name. RBI template names are only allowed if the RBI template is not attached to any existing RBI policy. Optionally, admins can create a new RBI template from the Real-time Protection policy page and attach it directly to the policy. In an RBI policy you can select “+ Create RBI Template” on the RBI template dropdown menu. Once created, it is available in the list of RBI templates and you can attach it to the RBI policy to limit the interaction of your users while they browse a web page in isolation.
Important
When creating policy names, only use alphanumeric characters and symbols such as "_" underscore, "-" dash, and "[ or ]" square brackets. You cannot use the greater than ">" and less than "<" symbols in policy names.
Select Isolation Indicators, persistent and non-persistent indicators that can be stacked to adapt to your requirements. These options notify end users that they are browsing an isolated web page for different risk scenarios. Choices include:
Asterisk - tab title prefix
Colored frame
To learn more: Isolation in an End User's Browser
Toast - warning message remains visible to the end user until they acknowledge it and click the "X" to close the notification. The warning message displays when either of the two controls are enabled in the RBI template attached to the policy:
To learn more: Isolation in an End User's Browser
If “Toast (warning message)” Isolation indicator is enabled.
If “Read-Only” user action control is enabled.
No indicators - uncheck all options
Select the user actions for this template. Options include:
Tip
There are visual cues to let users know they are in isolation. By default an asterisk displays in the tab name and the feature is uneditable. To learn more: Isolation in an End User's Browser
Copy to clipboard - allows users to copy text from the isolated web page into their clipboard. This action expands Netskope's RBI data protection capabilities to limit data leakage in isolation. To learn more: RBI Use Cases
Note
If this feature is disabled, users cannot use context menu or shortcuts to copy text.
Paste from clipboard - allows users to paste text from their clipboard into the isolated web page. This action expands Netskope's RBI data protection capabilities to limit data leakage in isolation. To learn more: RBI Use Cases
Note
If this feature is disabled, users cannot use the context menu or shortcuts to paste text.
Printing - allows users to use the print function in the isolated web page.
Read Only - select to prevent any text input: paste or keystroke, except navigation controls (arrow, space bar, enter key). The best practice is to use Read-only combined with No File Uploads. Users are notified they are browsing a Read-Only page in isolation and a warning message displays when text input is blocked. This action helps reduce the attack surface for phishing threats. To learn more: Isolation in an End User's Browser
Note
Netskope enables all isolation indicators by default in an RBI template when the Read-Only checkbox is selected/enabled as a User Action Control, reflecting the expected behavior for end users. The Isolation indicators are not editable (grayed out) or disabled if the Read-Only checkbox is selected/enabled.
For example, selecting Read-Only automatically disables "Paste from clipboard."
In addition, selecting Read-Only enables and grays out all Isolation Indicators (Asterisk prefix, Colored Frame, and Toast (Warning Message).
Select browsing actions for this template. Options include:
Pop-up - select to allow pop-ups generated by the isolated web page to display.
Private Navigation - select to block the transport and storage of any browsing data (i.e. user cookies) in your users browsers (similar to incognito/private browsing). Unselect/uncheck this action to enable the transport and storage of cookies generated while browsing in isolation. These cookies can only be used in Netskope RBI. There's a known limitation and suggested best practice for private navigation. To learn more: RBI Best Practices
Important
Netskope RBI does not store any user browsing data in the system. All browsing data is deleted after the isolation session ends.
Click Save.
Click Apply Changes to publish the template. Once a template is published you can select it for use with any new or existing RBI policy.
Note
The Real-time Protection policy list page has a column called Action that displays the action, "Isolate" and the name of the RBI template that is applied to the policy.