App config based access control

login.email 

Enabling this key will fill in the employee email id in the sign-in screen of Cliq app. They can just input their password to proceed further.
Note: The user can opt to remove the id and sign-in using a different email id. 

restrict.login

Enabling this key will fix and lock the employee's email id in the sign-in screen of Cliq app, thereby restricting the employee from using any other email id to sign in. 

App configuration for SAML enabled accounts

SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between an identity provider and a service provider. In simple terms, SAML based single sign-on (SSO) gives members access to Cliq through an identity provider of your choice. To know more on how to setup SAML for your organization, check out here. 

If SAML is set up for your organization and app config is enabled (i.e. login.email & restrict.login keys or just the login.email key), your employees will be directly taken to SAML authentication instead of Zoho Account login screen. 

#1. When SAML is configured for your organization and login.email app config enabled, then your organization users can skip Zoho login and directly access SAML as referenced in below image.
#2. If SAML is configured for your organization but app config is not enabled, then users must enter Zoho credentials and will then be redirected to SAML sign-in. 

restrict.copy

Enabling this key will restrict your employees from copying text, files and images in Cliq, effectively preventing them from sharing data to external apps. 
If you would like to allow copying within the app, then make use of the successive key. 

restrict.external-paste

Enabling this key will allow your employees to copy and paste within Cliq app, but not outside of Cliq app. 

restrict.screen-capture

Enabling this key will prevent your employees from taking screenshots or recording when inside Cliq app. 

restrict.share

Enabling this key will prevent your employees from sharing any media (i.e. files, images, and video) with external apps using the Share icon. 

restrict.download

Enabling this key will prevent your employees from downloading any Cliq media onto their device (i.e. files, images and video). 

restrict.location-services

Enabling this key will restrict your employees from accessing location services within the app. They will not be able to share their location or perform any location based actions in the app. 

restrict.camera

Enabling this key will restrict your employees from using camera within the app to capture images or videos. 
Note: This key restricts only the usage of camera and not the access to Gallery or Camera Roll. 

enforce.passcode

Enabling this key will force your users to set a passcode when they access the app. This adds an extra layer of security to the app and to the important conversations within it. 

cliq.dmtoken

This token is to restrict users from accessing Cliq on all devices. The device management token should be configured in Cliq’s admin panel under Organization > Configurations > Mobile Access.

​

Once you configure a unique dm token in the admin panel, you have to push that token to devices using the cliq.dmtoken key in your EMM service provider. On doing so, only the devices that has the token will allow access to Cliq app, i.e. Cliq app cannot be logged in devices that do not have the dm token. 
Important Note: This dm token is based on Roles in Cliq admin panel, i.e. the token will work only for roles where you have disabled the 'Access in unmanaged devices' mobile permission. For more details, check out role based mobile permissions here.