App config based access control
|Keys||Description||Value||Type||iOS support||Android for Work support|
|login.email||Display the user's email id on sign-in screen||Email id |
|restrict.login||Lock the user's email id on sign-in screen||Toggle||Boolean||Yes||Yes|
|restrict.copy||Disables copying of texts, files, and images||Toggle||Boolean||Yes||Yes|
|restrict.external-paste||Disables pasting in external apps||Toggle||Boolean||Yes||Yes|
|restrict.screen-capture||Disables screenshot and screen recording within Cliq app||Toggle||Boolean||No||Yes|
|restrict.share||Disables sharing of Cliq files with other apps||Toggle||Boolean||Yes||Yes|
|restrict.download||Disables download of files onto the mobile device||Toggle||Boolean||Yes||Yes|
|restrict.location-services||Disables access to location within the Cliq app||Toggle||Boolean||Yes||Yes|
|restrict.camera||Disables access to camera within the Cliq app||Toggle||Boolean||Yes||Yes|
|enforce.passcode||Enforces all users to set a passcode to access Cliq||Toggle||Boolean||Yes||Yes|
|cliq.dmtoken||A unique token to ensure Cliq can be accessed only in devices that has the token||Token value given in Cliq admin console||String||Yes||Yes|
Enabling this key will fill in the employee email id in the sign-in screen of Cliq app. They can just input their password to proceed further.
Note: The user can opt to remove the id and sign-in using a different email id.
Enabling this key will fix and lock the employee's email id in the sign-in screen of Cliq app, thereby restricting the employee from using any other email id to sign in.
App configuration for SAML enabled accounts
SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between an identity provider and a service provider. In simple terms, SAML based single sign-on (SSO) gives members access to Cliq through an identity provider of your choice. To know more on how to setup SAML for your organization, check out here.
If SAML is set up for your organization and app config is enabled (i.e. login.email & restrict.login keys or just the login.email key), your employees will be directly taken to SAML authentication instead of Zoho Account login screen.
#1. When SAML is configured for your organization and login.email app config enabled, then your organization users can skip Zoho login and directly access SAML as referenced in below image.
#2. If SAML is configured for your organization but app config is not enabled, then users must enter Zoho credentials and will then be redirected to SAML sign-in.
Enabling this key will restrict your employees from copying text, files and images in Cliq, effectively preventing them from sharing data to external apps.
If you would like to allow copying within the app, then make use of the successive key.
Enabling this key will allow your employees to copy and paste within Cliq app, but not outside of Cliq app.
Enabling this key will prevent your employees from taking screenshots or recording when inside Cliq app.
Enabling this key will prevent your employees from sharing any media (i.e. files, images, and video) with external apps using the Share icon.
Enabling this key will prevent your employees from downloading any Cliq media onto their device (i.e. files, images and video).
Enabling this key will restrict your employees from accessing location services within the app. They will not be able to share their location or perform any location based actions in the app.
Enabling this key will restrict your employees from using camera within the app to capture images or videos.
Note: This key restricts only the usage of camera and not the access to Gallery or Camera Roll.
Enabling this key will force your users to set a passcode when they access the app. This adds an extra layer of security to the app and to the important conversations within it.
This token is to restrict users from accessing Cliq on all devices. The device management token should be configured in Cliq’s admin panel under Organization > Configurations > Mobile Access.
Once you configure a unique dm token in the admin panel, you have to push that token to devices using the cliq.dmtoken key in your EMM service provider. On doing so, only the devices that has the token will allow access to Cliq app, i.e. Cliq app cannot be logged in devices that do not have the dm token.
Important Note: This dm token is based on Roles in Cliq admin panel, i.e. the token will work only for roles where you have disabled the 'Access in unmanaged devices' mobile permission. For more details, check out role based mobile permissions here.