How to configure VPN for specific apps/websites?
With the increased reliance on mobile devices in organizations, corporate apps have become critical for improving employee productivity. Most organizations prefer restricting access to these apps only within the network, which could in turn hamper employee productivity. Configuring VPN is the simplest solution to allow access to these corporate apps securely even outside the organization. But, configuring VPN could prove to be a difficult task for employees who aren't tech savvy. Mobile Device Manager Plus allows you to configure a VPN policy and distribute it to employee devices. This case can also exist for intranet websites/domains. Using MDM, you can configure VPN for certain apps and/or websites as explained below:
To create an app- or website-specific VPN policy and associate it with devices, follow these steps:
- On your MDM server, click on Device Mgmt from the top menu and select Profiles from the left pane.
- Click on Create Profile and select iOS from the dropdown.
- For configuring VPN for websites/domains, select VPN from the list of policies. Configure the basic settings as explained here.
- Select the option Enable VPN On-Demand, present under Configure VPN On-Demand.
- Now, provide the list of domains/websites for which the VPN is to be configured.
- For configuring VPN for apps, select Per-App VPN from the list of available policies. Add the apps for which the VPN is to be configured. You can add any app present on the App Repository/managed devices.
- Finish configuring the policy as explained here. Save and Publish the profile.
- Distribute it to groups and/or devices. Once associated to the devices, the specified website(s)/app(s) will be automatically accessed only via the configured VPN.
In order to prevent users from specifying passcode for authenticating themselves in case of VPN on-demand, you can use certificates for authentication. Using Certificates has the following advantages:
- Certificates are generally considered to be much more secure form of authentication over passwords
- In case of large VPN networks, managing large quantity of passwords can be cumbersome. Certificates in this case is a much more scalable alternative.
- Additionally, passwords are bound to an IP address but certificates are not bound to an IP address, ensuring remote users with a dynamically assigned IP address can authenticate using identification information contained in the certificate.
You can configure certificate as explained here and distribute them on a large scale as explained here.