This article describes features that are only available in the Banyan Unlimited edition.

• ITP Policy Overview
• Create an ITP Policy
  • Step 1: Create an ITP Policy
  • Step 2: Select Threats to block
  • Step 3: Configure Content Filtering, Domain Blocking, and Domain Exceptions
  • Step 4: Assign the ITP policy to devices in your org
• Edit or Delete an ITP Policy
  • Edit
  • Delete
• Prioritizing ITP Policies
  • How to prioritize ITP policies
• ITP policy sync status

ITP Policy Overview

Banyan applies ITP policies to devices. ITP policies are designed to protect devices from internet resources that are not maintained by a trusted third-party organization, preventing access to domains outside acceptable use policies.

Admins can create and manage ITP policies in Banyan’s Command Center. Admins assign policies to devices via Roles, similar to other protected services in Banyan. In Banyan, an admin decides which domains or categories of domains they need to block or allow. These domains are added to a Banyan policy, and the policy is then associated with a device or a group of devices.

Create an ITP Policy

Step 1: Create an ITP Policy

1.1 Navigate from Secure Access > ITP Policies.

1.2 Select + Create Policy.

Step 2: Select Threats to block

2.1 Toggle on the threats you wish to block your end users from accessing.

2.2 Select Next.

Step 3: Configure Content Filtering, Domain Blocking, and Domain Exceptions

3.1 Select which categories of content you want to block your end users from accessing by toggling on Category Filtering, selecting + Select categories to filter, and selecting categories from the dropdown menu. To remove an added category, select the x beside the category name.

3.2 Select which domains you want to block your end users from accessing by toggling on Domain Filtering, and then entering the domain name. To block more than one domain, select the + beside the domain name field.

3.3 Select which domains you want to configure as exceptions to your ITP policy by toggling on Domain Exceptions, and then entering the domain name. To except more than one domain, select the + beside the domain name field.

3.4 Select Next.

Step 4: Assign the ITP policy to devices in your org

4.1 Name your ITP policy and add an optional description.

4.2 Select one or more roles to assign your ITP policy to.

4.3 Enter custom messaging for your ITP block page.

Edit or Delete an ITP Policy

In the Command Center, navigate from Secure Access > ITP Policies. From your list of ITP Policies, select the Name of one you want to edit or delete.

Edit

1. To edit, select the pencil icon in the top right corner of the ITP policy page.

2. Adjust your toggles under Threat Protection, Content Filtering, or Assignment.

3. Select Save.

Delete

1. To delete your ITP policy, select the trash icon in the top right corner of the ITP policy page.

2. A modal will pop up, double-checking if you want to delete your policy. Select Delete.

Prioritizing ITP Policies

Devices are not required to have an ITP policy associated with them; however, each device can only have one policy active at a time. ITP policies can be prioritized: higher priority policies will take precedence when two or more policies apply to one device (i.e., a device with multiple Roles and separate ITP policies applicable to each Role).

How to prioritize ITP policies

1. In the Command Center, navigate from Secure Access > ITP Policies.

2. Select the Reorder button in the top right corner of the page (i.e., the button with an up and down arrow).

3. Drag your ITP policies into your preferred order of priority, where 1 is the highest priority.

4. Select Save.

ITP policy sync status

When ITP policy assignments are edited or policies are re-prioritized, Banyan’s console does not typically reflect these changes immediately; for larger environments with many devices, syncs tend to take longer, and updates are only reflected in the console when Banyan completes the next sync.

Banyan’s sync status indicates whether the ITP policies page in the console is up-to-date or in progress. If a sync is in progress, then an ETA will also be available, so that admins can expect when ITP policy updates will be reflected in the console.

If the ITP policy sync status fails to complete, contact Banyan support.

---

Can’t find what you’re looking for?

We’re happy to help. Contact our team .