Per-App VPN
A Virtual Private Network (VPN) transmits all data through a secured tunnel, which strictly requires authentication or a special certificate to establish connectivity. Organizations therefore configure a VPN to ensure that corporate data is secured from hackers or malicious users.
When a VPN is set up, all data from the device, including personal data, is routed through the VPN. Some organizations require a VPN only for corporate apps; in that case, the admin can make use of per-app VPN. With per-app VPN, the admin can select the apps for which the VPN is to be set up.
You have to specify the apps for which the VPN should be turned on. You can add multiple apps in the same profile as well. The table below specifies the inputs required to configure per-app VPN for mobile devices.
The following VPN connection types are supported by MDM:
- F5 Access
- SonicWall Mobile Connect
- Citrix SSO
- Custom SSL
F5 Access, SonicWall Mobile Connect, and Citrix SSO each require the corresponding third-party app (F5 Access, SonicWall Mobile Connect, and Citrix SSO respectively) to be installed on the device for setting up the VPN configuration. Click here to know more about App Distribution and click here to know how to install apps silently on Mac devices.
Profile Description
Profile Specification | Description |
---|---|
Specify the apps to use this VPN | |
App name | Specify the name of the apps for which the VPN is to be set up. |
Bundle identifier | Specify the bundle identifier of the apps for which the VPN is to be set up. |
Code designated requirement | This is required for verifying updates for the specified apps. Execute the following command on the Terminal of a device and copy the response: codesign -d -r- /Applications/<app_name>.app |
Signing identifier | This is required to verify the validity of the app and to ensure it has not been corrupted or tampered with. Execute the following command on the Terminal of a device and copy the identifier value: codesign -dv --entitlements - /Applications/<app_name>.app |
Configure per-app VPN | |
Automatically connect to this VPN, when using the selected apps | Enable to ensure a VPN is set up automatically, when the apps are being used |
Secure network communication using | Choose whether to use App Proxy or Packet tunnelling as the means to secure the communication |
General VPN settings | |
Connection Type | Select the VPN connection type to be configured on the devices. |
Connection Name | Specify the name to be displayed as the VPN name on the end user's mobile device |
Server Name / IP Address | Host name or IP address of the server |
Account | Account used for user authentication to access the VPN. %username% will get the appropriate user name mapped to the device |
App Name (Can be configured only if Connection Type is set as Custom SSL) | Specify the app name to be configured. |
Plug-in identifier (Can be configured only if Connection Type is set as Custom SSL) | Specify the plug-in identifier to identify the apps and apply VPN on the device. This information is available with the third-party VPN vendor. |
Provider bundle identifier (Can be configured only if Connection Type is set as Custom SSL) | Some applications utilize the same plug-in identifier for multiple apps. Specify the provider bundle identifier to identify the required VPN app. This information is available with the third-party VPN vendor. |
Custom Data | Specify custom data to include additional configurations to the VPN connection. Only configurations supported by the third-party vendors can be included here. |
User Authentication | Specify user authentication type as password or certificate. While configuring per-app VPN, most VPN types recommend the use of certificates for authentication. |
Password (Can be configured only if User authentication is set as Password) | Specify the password to be used for user authentication |
Identity Certificate (Can be configured only if User Authentication is set as Certificate) | Specify the identity certificate to be used for certificate-based authentication. You can also use SCEP for this. |
Configure Proxy | |
Proxy settings | Configure proxy settings for VPN |
Server URL (Can be configured only if Proxy is set as Automatic) | Specify the URL containing the Proxy PAC. |
Server (Can be configured only if Proxy is set as Manual) | Proxy server name |
Port (Can be configured only if Proxy is set as Manual) | Port number to be used |
User Name (Can be configured only if Proxy is set as Manual) | User name for authentication |
Password (Can be configured only if Proxy is set as Manual) | Specify the password to be used. |
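An added example, not part of the original page or the MDM product: a small shell helper that extracts the Signing identifier and Code designated requirement values from the output of the two codesign commands in the table and sanity-checks them before they are entered in the profile. The sample output, com.example.app, ABCDE12345, the function names and the return codes are constructed for illustration.

```sh
#!/bin/sh
# Added example: pull the two per-app VPN profile values out of codesign output.
# Sample text below is constructed; com.example.app and ABCDE12345 are placeholders.

# What `codesign -dv /Applications/<app_name>.app 2>&1` prints (trimmed).
SAMPLE_DV='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
TeamIdentifier=ABCDE12345'

# What `codesign -d -r- /Applications/<app_name>.app 2>&1` prints.
SAMPLE_REQ='Executable=/Applications/Example.app/Contents/MacOS/Example
designated => identifier "com.example.app" and anchor apple generic and certificate leaf[subject.OU] = ABCDE12345'

# Value for the "Signing identifier" field.
signing_identifier() {
  printf '%s\n' "$1" | sed -n 's/^Identifier=//p' | head -n 1
}

# Value for the "Code designated requirement" field (text after "designated => ").
designated_requirement() {
  printf '%s\n' "$1" | sed -n 's/^.*designated => //p' | head -n 1
}

# check_mapping BUNDLE_ID DV_OUTPUT REQ_OUTPUT
# Returns 0 = usable, 1 = value missing (unsigned app or wrong path),
# 2 = identifier differs from the bundle identifier or is not named in the
#     requirement, 3 = requirement pins only a cdhash (ad hoc signature), which
#     changes with every build and so cannot verify updates.
check_mapping() {
  _ident=$(signing_identifier "$2")
  _req=$(designated_requirement "$3")
  if [ -z "$_ident" ] || [ -z "$_req" ]; then return 1; fi
  case $_req in cdhash\ *) return 3 ;; esac
  [ "$_ident" = "$1" ] || return 2
  case $_req in
    *"identifier \"$_ident\""*) ;;
    *) return 2 ;;
  esac
  printf 'Signing identifier: %s\n' "$_ident"
  printf 'Code designated requirement: %s\n' "$_req"
}

check_mapping com.example.app "$SAMPLE_DV" "$SAMPLE_REQ"
```

On a Mac, replace the two sample variables with the captured output of the commands from the table (codesign writes the `-dv` details to stderr, hence `2>&1`).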
Dynamic Variables:
- The dynamic variables listed below are retrieved from the data provided while enrolling the device.
- %username% - will get the appropriate user name mapped to the device