Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure a Standard VPN for iOS

NOTE: The partner name formerly known as Airwatch is now VMware Workspace ONE UEM. So, this topic has been updated with relevant information. However, the screenshots still refer to Airwatch, which will be updated in future releases.

Log in to the VMware Workspace ONE UEM MDM Portal

Login to the admin portal of VMware Workspace ONE UEM MDM to push the VPN profile to your iPhone profile.

You will be logged in to the admin portal of VMware Workspace ONE UEM.


**Before you proceed further, please make sure to integrate your respective PKI infrastructure with VMware Workspace ONE UEM for managing your device certificate(s).
Adding a Device Certificate and server certificate in the device through MDM.

Go to DevicesProfilesAddAdd ProfileApple iOS 

Give a name to 'General' and fill up respective fields.
Select 'Deployment' type

  • Managed: To automatically download those profiles in the device.
  • Manual: To manually download this profile in the device. To download manually , user will get a notification in the 'Hub' app and clicking on this notification will redirect to messages screen of the app. From that screen user can select any of the messages and download the profiles which are available.

Now select a profile, 'Credentials' to add device certificate and server certificate to your device.You can add multiple certificates in a single profile. Click on the (+) button to add or (-) to delete.


Add a VPN Profile to the Device

Go to DevicesProfilesAddAdd ProfileApple iOS

Give a name to 'General' and fi ll up respective fields.

Select a profile of ' VPN' and click on 'Configure '. These are the configurations need to setup for VPN profile

Connection Info

For example, the following are the values used in Dev/QA testing:

Fields Values
Connection Name* VPN Configuration
Connection Type* IKEv2
Always On False
(Make it false, otherwise device will be in supervised mode)

c<customer ID>
You can get this information from the certificate page.

The following information is required to configure an SMCS app in the MDM of your choice.

VPN gateway address: c<customer ID >

Note: For Private Access configuration, make sure to set VPN server address to

Local Identifier*


(This string is CN (Common Name) and SAN-(Subject Alternate Name) of client certificate 

Remote Identifier*

(This string is CN (Common Name) and SAN-(Subject Alternate Name) of server certificate

Note: Use for Private Access configuration.

Machine Authentication


(select 'certificate' here)


Certificate #1

(if there is no certificate, please follow #3.1 Step )

Server Certificate Issuer Common Name

VPN Server Root CA

(This string is CN-Common Name of server root certificate)

Note: This field is not required for Private Access configuration.

Server Certificate Common Name

(This string is CN-Common Name of server root certificate)

Note: This field is not required for Private Access configuration.

Enable EAP True
EAP Authentication


(select 'certificate' here)

TLS Minimum Version iOS 11 OS Default
TLS Maximum Version iOS 11 OS Default

Certificate #1

(Select the same 'Certificate' which added in 'Credentials')

Dead Peer Detection Interval Every 10 minutes
SA Parameters
IKE2 & Child
Encryption Algorithm AES-256
Integrity Algorithm SHA2-256
Diffie Hellman Group 2
Lifetime in minutes 1440



Add Your Credentials

Select 'Credentials' from the same profile. (you may have to scroll down the menu on the right)
Click on 'Configure' to add new credentials.
Add your Device certificate file here.


Save and Publish Click on 'Save and Publish' to save the profile.

Now click on 'Publish' to publish the profile.

Respective devices will get updated with the published profile.

  • Was this article helpful?