Per-App VPN for iOS Devices
iOS per-app VPN enables devices to establish a Virtual Private Network (VPN) connection when specific managed apps are launched. A VPN ensures all data is transmitted through a secured tunnel, which means it strictly requires authentication or a special certificate to establish connectivity. So every enterprise prefers to configure a VPN to ensure all corporate data is secured from hackers and unauthenticated users. A VPN is a necessity, without which users cannot reach the corporate network when away from work. Since mobile devices have become a part of productivity, corporate data should be reachable for employees from anywhere. As an administrator, you need to configure VPN for all the managed mobile devices.
When a VPN is set up, all the data from the devices, including personal data, is routed through the VPN. Some organizations require a VPN only for the corporate apps; in that case the admin can use per-app VPN. With per-app VPN, the admin can select the apps for which the VPN is to be set up.
You have to specify the app for which VPN should be turned on. You can add multiple apps in the same profile. The table below lists the inputs to be used on the product server to configure VPN for mobile devices.
The following VPN connection types are supported by MDM:
- Cisco AnyConnect Legacy (Device OS is less than iOS 10.3)
- Cisco AnyConnect New (Device OS is iOS 10.3 or later versions)
- F5 SSL
- Juniper SSL
- Pulse Secure
- SonicWall Mobile Connect
- Aruba VIA
- Check Point Mobile VPN
Pulse Secure VPN, Cisco AnyConnect Legacy, Cisco AnyConnect New and F5 SSL require the corresponding third-party app (Pulse Secure, Cisco AnyConnect Legacy, Cisco AnyConnect New and F5 BIG-IP Edge Client respectively) to be installed on the device for setting up the VPN configuration. See the App Distribution documentation to learn more, and the documentation on installing apps silently on iOS devices.
Note: It is possible to configure Per-App VPN for native apps by adding them to the App Repository and configuring the VPN.
Profile Description
PROFILE SETTINGS | DESCRIPTION |
---|---|
Per-App VPN | |
Add App | Specify the name of the apps for which the VPN is to be set up. |
Automatically connect to this VPN, when using the selected apps | Enable to ensure a VPN is set up automatically, when the apps are being used |
Secure network communication using | Choose whether to use App Proxy or Packet tunnelling as the means to secure the communication |
General VPN settings | |
Connection Type | Connection type to be enabled |
Connection Name | Specify the name, which needs to be displayed as VPN name on the end user's mobile device |
Server Name / IP Address | Host name or IP address of the server |
Account | 'User Authentication to access the VPN' (%username%) will get the appropriate user name, mapped to the device |
Realm (Can be configured only if Connection Type is set as Juniper SSL/Pulse VPN) | Specify the authentication realm. An authentication realm specifies the criteria users must comply with to use the VPN service. It is a grouping of authentication resources, including the authentication server, authentication policy, etc. This is usually done by the network administrators. |
Role (Can be configured only if Connection Type is set as Juniper SSL/Pulse VPN) | Specify the user role. A user role is an entity defining user session parameters (such as session settings), personalization settings (such as bookmarks) and other enabled access features. For example, a user role may define whether or not a user can perform Web browsing. |
Group Name | Specify the group name to be used for identifying the group. The group must end with [hybrid] if Hybrid Authentication is enabled |
User Authentication | Specify the user authentication type as password or RSA SecurID |
Password (Can be configured only if User authentication is set as Password) | Specify the password to be used for user authentication |
Identity Certificate (Can be configured only if User Authentication is set as Certificate) | Specify the identity certificate to be used for certificate-based authentication. You can also use SCEP for this. |
Configure Proxy | |
Proxy settings | Configure proxy settings for VPN |
Server URL (Can be configured only if Proxy is set as Automatic) | Specify the URL containing the Proxy PAC. |
Server (Can be configured only if Proxy is set as Manual) | Proxy server name |
Port (Can be configured only if Proxy is set as Manual) | Port number to be used |
User Name (Can be configured only if Proxy is set as Manual) | User name for authentication |
Password (Can be configured only if Proxy is set as Manual) | Specify the password to be used. |
Dynamic Variables:
The dynamic variables listed below are retrieved from the data provided while enrolling the device.
%username% - will get the appropriate user name, mapped to the device
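The settings table makes several fields conditional on the connection type, the authentication type and the proxy mode, and those rules can be checked before a profile is published. The following Python check is an added example, not part of the product; the dictionary field names and the sample profile are assumptions made for illustration.

```python
# Added example. Field names are hypothetical, not the MDM product's schema.
REALM_ROLE_TYPES = {"Juniper SSL", "Pulse Secure"}  # assumes "Pulse VPN" = Pulse Secure


def os_tuple(version):
    """'10.3.1' -> (10, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def lint_profile(p, device_os):
    """Return violations of the conditional rules stated in the settings table."""
    issues = []
    ctype, auth = p.get("connection_type"), p.get("user_authentication")
    proxy = p.get("proxy", "None")
    if not p.get("apps"):
        issues.append("no app selected for the per-app VPN")
    if ctype == "Cisco AnyConnect Legacy" and os_tuple(device_os) >= (10, 3):
        issues.append("Cisco AnyConnect Legacy is for iOS below 10.3")
    if ctype == "Cisco AnyConnect New" and os_tuple(device_os) < (10, 3):
        issues.append("Cisco AnyConnect New needs iOS 10.3 or later")
    for field in ("realm", "role"):
        if p.get(field) and ctype not in REALM_ROLE_TYPES:
            issues.append(f"{field} applies only to Juniper SSL/Pulse")
    if p.get("hybrid_authentication") and not p.get("group_name", "").endswith("[hybrid]"):
        issues.append("group name must end with [hybrid]")
    if p.get("password") and auth != "Password":
        issues.append("password applies only to Password authentication")
    if p.get("identity_certificate") and auth != "Certificate":
        issues.append("identity certificate applies only to Certificate authentication")
    if proxy == "Automatic" and not p.get("proxy_pac_url"):
        issues.append("Automatic proxy needs a PAC URL")
    if proxy != "Automatic" and p.get("proxy_pac_url"):
        issues.append("PAC URL applies only to Automatic proxy")
    manual_fields = ("proxy_server", "proxy_port", "proxy_user", "proxy_password")
    if proxy != "Manual" and any(p.get(f) for f in manual_fields):
        issues.append("server, port and credentials apply only to Manual proxy")
    if proxy == "Manual" and not (p.get("proxy_server") and p.get("proxy_port")):
        issues.append("Manual proxy needs a server and a port")
    return issues


# Constructed sample input, not exported from any real server.
SAMPLE = {
    "apps": ["com.example.mail"], "connection_type": "Cisco AnyConnect Legacy",
    "server": "vpn.example.com", "account": "%username%", "realm": "staff",
    "group_name": "sales", "hybrid_authentication": True,
    "user_authentication": "Certificate", "password": "constructed-value",
    "proxy": "Automatic", "proxy_server": "proxy.example.com",
}
```

Calling `lint_profile(SAMPLE, "12.4")` returns one message per rule the constructed profile breaks; an empty list means the definition is consistent with the table.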