Configure Per-App VPN for Android App in Workspace ONE UEM

Last updated
Save as PDF

Per-App VPN provides granular control over network traffic by routing only selected Android applications through a secure tunnel. This approach protects access to internal resources while allowing personal traffic to bypass the corporate network. To apply these policies, ensure you keep the VPN client connected and running on the device. After updating the app restriction list, restart the VPN service for the changes to take effect.

Create App Configuration Policy

Follow these steps to configure and deploy a Per-App VPN policy to managed Android devices through Workspace ONE UEM.

Log in to the Workspace ONE UEM console.
Go to Resources > Native Apps > Public > Add Application.
Select Android as the Platform from the dropdown.
Select SEARCH APP STORE as Source.
Enter Skyhigh Client as the app name.
Click Search.
Select the Skyhigh Client app from the search result.
Click SAVE & ASSIGN.
Under the Distribution tab, enter an assignment name in the Name field and add device groups under Assignment Groups as needed.
Go to the Application Configuration tab and enable Send Configuration.
Enter the application package names in the SCAppPerAppInclusion field to specify apps that must use the VPN tunnel, or the SCAppPerAppExclusion field to specify apps that must bypass the VPN tunnel.

NOTE: You can enter either the inclusion list or the exclusion list at a time, not both.

image (95)_1.png

Click SAVE.
Click PUBLISH.

The app has been added.

When the Skyhigh Client app VPN is active and connected, apps in the inclusion list use the VPN tunnel while other apps access the internet directly; when the exclusion list is selected, listed apps access the internet directly, and all other app traffic is routed through the VPN tunnel.