Enable User Coaching
User coaching provides an option to request additional information from users who want to upload, download, or share sensitive data in applications. You can specify user coaching as a secondary action in an App Access Control policy. You can set up a template to display a user coaching message that notes a policy violation or a restriction and directs users to enter details (such as the rationale for accessing the data).
Example: A user wants to upload a file containing sensitive information such as Social Security numbers. This activity violates a policy that restricts access to the file. The user sees a notification about the policy violation. In addition, a coaching message appears, asking the user to provide a justification for uploading the file. When the user enters a justification (for example, the user’s manager has approved the download) and clicks Submit, the coaching window closes, and the user can proceed with the upload.
If the user wants to cancel the download, they can dismiss the coaching window without entering a justification.
All user coaching interactions are logged, so you can track access attempts and the justifications provided by users in the user coaching window.
For both continuous authentication and user coaching, activity logs reflect the completion status of a session. The Completed and Skipped status items are logged immediately; the Canceled status is logged after an expiration time of five minutes.
- Completed -- The session was successful. All activities could be completed.
- Skipped -- The user completed an active session without having to re-authenticate or respond to an additional user coaching message, because user coaching was already accounted for within the session.
- Canceled -- The user did not finish authentication and did not enter information when prompted by user coaching. For example, the user saw the coaching message, and closed the dialog box instead of entering anything. If the user clicks Submit without entering anything in the user coaching message box, they will see a new message box with a prompt to fill in the requested information. After five minutes, the user will not be able to complete the wizard for continuous authentication or user coaching.
User coaching can be implemented only in CAC policies and cannot be applied when the primary policy action is Deny.
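One way to review the logged coaching outcomes described above, as an added example that is not part of the original documentation or the product's own tooling. The JSON-lines layout, the field names, and the thresholds are assumptions, and the sample records are constructed.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

CANCEL_DELAY = timedelta(minutes=5)  # Canceled is logged after a five-minute expiration

# Constructed sample records; field names are assumptions, not the product's export schema.
SAMPLE_LOG = """\
{"logged_at": "2024-05-01T09:00:10", "user": "alice", "activity": "upload", "status": "Completed", "justification": "Manager approved"}
{"logged_at": "2024-05-01T09:02:00", "user": "alice", "activity": "upload", "status": "Skipped", "justification": ""}
{"logged_at": "2024-05-01T10:05:00", "user": "bob", "activity": "share", "status": "Canceled", "justification": ""}
{"logged_at": "2024-05-01T10:20:00", "user": "bob", "activity": "share", "status": "Canceled", "justification": ""}
{"logged_at": "2024-05-01T11:00:00", "user": "carol", "activity": "download", "status": "Completed", "justification": "ok"}
{"logged_at": "2024-05-01T11:30:00", "user": "carol", "activity": "download", "status": "Completed", "justification": "OK "}
"""

def parse(text):
    """Parse JSON-lines records and estimate when each coaching prompt was shown."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        logged = datetime.fromisoformat(rec["logged_at"])
        # Assumption: logged_at is the write time, so a Canceled prompt
        # appeared about five minutes before its log entry.
        rec["prompted_at"] = logged - CANCEL_DELAY if rec["status"] == "Canceled" else logged
        records.append(rec)
    return records

def review(records, cancel_threshold=2, reuse_threshold=2):
    """Return per-user status counts, repeated cancels, and reused justifications."""
    counts = defaultdict(Counter)
    texts = defaultdict(Counter)
    for rec in records:
        counts[rec["user"]][rec["status"]] += 1
        if rec["status"] == "Completed":
            # Normalize so "ok" and "OK " count as the same justification text.
            texts[rec["user"]][rec["justification"].strip().lower()] += 1
    repeated_cancels = sorted(u for u, c in counts.items() if c["Canceled"] >= cancel_threshold)
    reused = {u: [t for t, n in c.items() if n >= reuse_threshold]
              for u, c in texts.items() if any(n >= reuse_threshold for n in c.values())}
    return {"counts": {u: dict(c) for u, c in counts.items()},
            "repeated_cancels": repeated_cancels, "reused_justifications": reused}

if __name__ == "__main__":
    print(json.dumps(review(parse(SAMPLE_LOG)), indent=2))
```

The `prompted_at` value on each parsed record is the estimate to use when lining up a Canceled entry with other activity from the same user.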