Product Documentation

To create an iOS VPN and Per-App VPN profile

Mar 24, 2014

The iOS per-app VPN allows you to leverage a VPN profile to configure add-on VPN software at the app level (based on an app attribute that you apply to the app). This profile is not to be confused with the standard iOS VPN profile. This profile allows you to configure iOS 7 apps to automatically connect to VPN when they are launched. This policy ensures that data transmitted by managed apps travels through a VPN that you specify and control, and that other data, such as an employee's personal web browsing activity, does not.

When you create a per-App VPN policy, you need to also create an App Attribute policy for the app you want to use per-App VPN. The App Attribute policy adds Per-App VPN attribute to the app and then references the ID of the Per-App VPN. Both policies must then be applied to the device.

  1. In the Device Manager web console, on the Policies tab under iOS, click Configurations.
  2. In the New Configuration menu, click Profiles and Settings> VPN.
  3. In the VPN dialog box, enter an Identifier, which is a unique string that is used to identify the profile in the console. Must be unique and not used for any other iOS policy. This Identifier will also be used when you create the App Attribute policy. You can also enter a Display Name, which is how the policy name will be displayed to the device user. All other settings in this dialog box are optional, such as adding a description, or setting automatic policy removal.
  4. In the VPN tab, enter the following VPN settings information:
    1. Display Name on the Device. Enter the name for the VPN configuration as you want it to appear on the device in the iOS Network Settings.
    2. Connection Type. Select a connection type and then, according to the VPN connection, fill out the connection parameters (server name or IP address, username, group, password, and so on).
  5. Click the Per-App VPN tab and then enter the following information:
    1. Enable Per-App VPN. Select to enable this policy to enable a Per-App VPN for the app and device this policy is deployed to.
    2. On demand app enabled. If selected, the Per-App VPN connection starts automatically when apps linked to this Per-App VPN service initiate network communication. If not selected, the Per-App VPN connection must be started manually by the user before apps linked to this Per-App VPN service can initiate network communication.
    3. Safari Domains. Click new Safari Domain to create enable the app to create a secure, Per-App VPN connection through Safari.
  6. Next, select the Proxy tab of you want this VPN connection to route through a proxy server and then enter the proxy server configuration.
  7. Click Create.