
Skyhigh Security

Configure Per-App VPN for iOS in Workspace ONE UEM

Per-App VPN routes network traffic only from selected iOS applications through a secure tunnel. It gives managed apps controlled access to internal resources and keeps personal traffic outside the corporate network.

An admin enables secure tunnel routes for Workspace ONE UEM-managed applications by configuring Per-App VPN: creating the VPN profile, uploading the required certificates and certificate password, and assigning the profile to the application. After the configuration is complete, the VPN tunnel activates automatically when the application launches, and the tunnel carries only that application's traffic.

Create a VPN Profile

To create a VPN Profile: 

  1. Log in to the Workspace ONE UEM console.
  2. Go to Resources > Profiles & Baselines > Profiles, and select ADD > Add Profile.
  3. Select Apple iOS as the platform.
  4. Click Next.
  5. In the Name field, enter a name for the VPN profile.
  6. Click ADD in the Credentials section.
  7. Click CHOOSE FILE to upload the identity certificate (.p12).
  8. Enter a certificate password for the identity certificate (.p12) in the Certificate Password field.
  9. Click ATTACH CERTIFICATE.
  10. Click ADD > CHOOSE FILE to upload the tenant customer CA certificate.
  11. Click ATTACH CERTIFICATE.
  12. Click ADD in the VPN section to configure VPN settings.
  13. In the Connection Name field, enter a name for the VPN connection.
  14. Select Connection Type as IKEv2 from the dropdown.
  15. Enter mobile.skyhigh.cloud as Server.
  16. Enter the identity certificate common name as the Local Identifier.
  17. Enter mobile.skyhigh.cloud as Remote Identifier.
  18. Select Certificate as Machine Authentication from the dropdown.
  19. Select the .p12 certificate that you entered in step 8 as Credential from the dropdown.
  20. Enable EAP.
  21. Select Certificate as EAP Authentication from the dropdown.
  22. Select the .p12 certificate that you entered in step 8 as Credential from the dropdown.
  23. Enable the Per-App VPN Rules and Connect Automatically settings.
  24. Click NEXT.
  25. Configure the Assignment settings for any devices and click SAVE & PUBLISH.

    The VPN profile now appears in the profiles list.

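
One way to check the result of the steps above is to audit the published profile against the values entered. The Python below is an added example, not Skyhigh or Workspace ONE code; it assumes the delivered profile is available as an XML property list that uses Apple's per-app VPN payload keys, and the sample profile, its UUIDs and the identity name device01.example.test are constructed.

```python
import plistlib

SERVER = "mobile.skyhigh.cloud"  # Server and Remote Identifier from the steps above

# Constructed sample profile (assumed shape: Apple per-app VPN payload keys).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.vpn.managed.applayer</string>
    <key>VPNType</key><string>IKEv2</string>
    <key>VPNUUID</key><string>00000000-0000-0000-0000-000000000001</string>
    <key>OnDemandMatchAppEnabled</key><true/>
    <key>IKEv2</key><dict>
      <key>RemoteAddress</key><string>mobile.skyhigh.cloud</string>
      <key>RemoteIdentifier</key><string>mobile.skyhigh.cloud</string>
      <key>LocalIdentifier</key><string>device01.example.test</string>
      <key>AuthenticationMethod</key><string>Certificate</string>
      <key>ExtendedAuthEnabled</key><integer>1</integer>
      <key>PayloadCertificateUUID</key><string>00000000-0000-0000-0000-000000000002</string>
    </dict>
  </dict></array>
</dict></plist>"""

def audit_per_app_vpn(profile_bytes, expected_cn):
    """Return a list of findings; an empty list means the payload matches the steps."""
    root = plistlib.loads(profile_bytes)
    vpns = [p for p in root.get("PayloadContent", [])
            if p.get("PayloadType", "").startswith("com.apple.vpn.managed")]
    if not vpns:
        return ["no VPN payload in profile"]
    findings = []
    for p in vpns:
        ike = p.get("IKEv2", {})
        checks = [
            (p.get("PayloadType") == "com.apple.vpn.managed.applayer", "payload is device-wide VPN, not Per-App VPN"),
            (p.get("VPNType") == "IKEv2", "Connection Type is not IKEv2"),
            (p.get("OnDemandMatchAppEnabled") is True, "Connect Automatically is off"),
            (ike.get("RemoteAddress") == SERVER, "unexpected Server"),
            (ike.get("RemoteIdentifier") == SERVER, "unexpected Remote Identifier"),
            (ike.get("LocalIdentifier") == expected_cn, "Local Identifier is not the certificate CN"),
            (ike.get("AuthenticationMethod") == "Certificate", "Machine Authentication is not Certificate"),
            (ike.get("ExtendedAuthEnabled") in (1, True), "EAP is disabled"),
            (bool(ike.get("PayloadCertificateUUID")), "no identity certificate bound"),
        ]
        findings += [msg for ok, msg in checks if not ok]
    return findings
```

An empty result means the payload carries the tunnel settings from steps 14 to 23; any finding names the setting to revisit in the console.
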

Add App Store Apps to the VPN Profile

  1. Go to Resources > Native Apps > Public > Add Application.
  2. Select Apple iOS as the Platform from the dropdown.
  3. Select SEARCH APP STORE as Source.
  4. Enter Skyhigh Client as the app name.
  5. Click NEXT.
  6. Select the Skyhigh Client app from the search result.
  7. Click SAVE & ASSIGN.
  8. Under the Distribution tab, enter an assignment name in the Name field and add device groups under Assignment Groups as needed.
  9. Go to Tunnel & Other Attributes tab.
  10. In the Per App VPN Profile setting, select the VPN profile created from the dropdown and click CREATE.
  11. Click SAVE.
  12. Click PUBLISH.

    The app has been added.

The app now uses the assigned Per-App VPN. When the user opens the app, the VPN tunnel automatically activates and routes only that app’s traffic through the secure VPN connection.
