Updated at: 2025-07-11 08:48:51

Policy Synchronization Mechanism

Prerequisite: To enable policy synchronization, you must first establish a parent-child domain relationship in the [Doc Domains] section.

The parent domain enforces policy configurations to child domains, rendering the corresponding policy interfaces read-only (grayed out) in child domains to avoid misoperations from subordinate admins. This hierarchical policy management system enables:

    • One-to-many policy control across Doc Domains.
    • Centralized administration of multiple policy types, including security policies and documents policies, such as Login/Access Control/Sync/Sharing/Message Policy, etc.

Procedures for Policy Synchronization

To implement policy synchronization between parent and child domains, follow this procedure:

    1. Child domain administrator retrieves authentication credentials from [Domain Management] > [Credential] and shares them with parent domain administrator.
    2. Parent domain administrator adds child domain in [Domain Management] > [Doc Domains] using these credentials.
    3. Parent domain administrator creates policy configuration in [Domain Management] > [Policy Sync] section.
    4. Finally, the parent domain administrator binds policies to relevant child domains in [Domain Management] > [Policy Sync].

Note: Child domain administrators cannot modify any policies that have been restricted by the parent domain.

Manage Policy Synchronization

To add a new policy:

    1. Click [+Add Policy Configuration] in the upper-left corner
    2. Specify a policy name
    3. Configure login policies, password strength, client restrictions, and two-factor authentication as needed

Currently, policy configurations are limited to login policies, including:

    • Strength: Password strength requirements.
    • Restrictions on Client Login: Web client login restrictions for subdomains.
    • Dual-factor authentication

To edit policies:

Select “” option for any policy in the list to modify its name or settings.

Note: Changes take effect immediately for all bound document domains. If policy application fails for any domain, the system will proceed with others and provide failure domains upon completion.

To delete policies:

Use the “” button to remove unbounded policies.

Note: Policies currently bound to document domains cannot be deleted until all relationships are manually removed.

Binding Policy Configuration

Policy configurations only take effect when bound to the target Doc Domain, with these hierarchical restrictions:

    • Policy Binding is only permitted from Parent Domain to Child Domain.
    • Each domain may only have one bound policy.

To bind a policy configuration to child document domains:

    1. Select the desired policy configuration.
    2. Click the [+Add Document Domain] button above the domain list panel on the right.
    3. Choose target child domains by either:
    • Selecting directly from the domain list, or
    • Searching for specific domains and selecting from results.\

Note:

    1. Policy configurations take effect immediately upon binding to the document domain.
    2. A single policy configuration can be bound to multiple document domains, but each domain can only have one bound policy configuration.
    3. Bound policies are enforced mandatorily - child domains cannot modify policies inherited from their parent domain.
    4. To delete the policy, Admin needs to unbind the policy and its domain first.

To unbind the policy to a domain:

Administrator needs to click the [×] behind the domain.

Note: If a policy is unbound to a child domain, then the applied policy will be reserved and can be changed.