Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.
How to Release Mobile App Protection Templates Between Teams in DevSecOps Build System
This Knowledge Base article describes how to use Appdome’s Release Fusion Set feature to advance security templates (Fusion Sets) through a security release process involving multiple teams, while at the same time achieving ‘separation of duties’ among the teams and its members.
What is Separation of Duties?
Separation of Duties (also known as segregation of duties) is a set of operational practices and internal compliance requirements designed to prevent security control failures and/or abusive practices. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people on different teams and applying controls and entitlements that enforce separation and prevent members from assuming roles on multiple teams. A simple example of separation of duties would be to ensure that a person who requests approval for a certain task cannot also approve the task.
What is the Appdome Release Fusion Set Feature?
Appdome’s Release Fusion Set to New Team feature allows customers to release security templates (Fusion Sets) to other teams within the security release process, in a way that allows organizations to comply with separation of duties requirements. This is achieved by ensuring that team member responsibilities, roles, and entitlements are spread across multiple teams, and that team members who share Fusion Sets between different teams cannot be a part of both teams.
How To Use Appdome Release Fusion Set (with separation of duties)
To access the Release Fusion Set feature, use any of the methods below:
- Go to My Fusion Set dropdown and select Release Fusion Set (which becomes visible when hovering).
- Go to Fusion Set Details and select Release Fusion Set.
After selecting Release Fusion Set, you may be presented with several options. If your company requires separation of duties, you should select the option called “Release Fusion Set to New Team” as shown below. Using this option will ensure that the Released Fusion Set is frozen for both teams and also maintain separation of duties by not allowing team members to be a part of both the originating team and the receiving team for the Released Fusion Set.
Note: Using the Release Fusion SetTo New Team option will automatically freeze the Fusion Set for BOTH teams (even if the Fusion Set for the originating team was not frozen).
Note: Before clicking “Release”, you can back away from this option by selecting “back to team selection”. From there, you can choose a different option to Release the Fusion Set.
To continue with the Release Fusion Set To New Team option, enter Team Name and Team ID in the required fields as shown below and click Release.
Upon successful release, the team member who released the Fusion Set will see the following notification.
After releasing the Fusion Set, you will see an indication within your own Team that the Fusion Set is frozen and Released, as shown in the following 2 screenshots below.
The receiving Team will see an on-screen alert notifying them that the Fusion Set has been released to their team. Entitled members of the receiving team will see an option to either “Accept” or “Decline” the Released Fusion Set (Note, only team members who have the proper Entitlement will see this alert).
Note: The receiving team will also receive an email notification (if that option is enabled) which includes all the details about the released fusion set.
The receiving team can preview all the security features contained within the Released Fusion Set by selecting it. Note, the receiving team will not be able to build with the Released Fusion Set until they have accepted it. (“Build My App” button will remain greyed out until the Released Fusion Set has been accepted).
Prerequisites for using Appdome Release Fusion Set
In order to use Appdome’s Release Fusion Set feature, you’ll need the following:
- Appdome account
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- A Fusion Set which you want to release
- A license to Release Fusion Set
- The entitlement of Release Fusion Set must be enabled for a particular Appdome user.
How To Learn More
For info on related features to Release Fusion Set, check out the following KB articles.
Copying and sharing Fusion Sets
Please feel free to request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.
To zoom out on this topic, visit the Appdome platform page on our website.
Thank you!
