Configuring Per App VPN on iOS MDM devices

The Per App VPN functionality allows a device to establish a VPN connection when supported system apps (Email, Calendar, Safari, and Contacts) are launched. This functionality is available for IKEv2 and IPSec connections.

To enable the Per App VPN functionality:

  1. Perform the initial setup of the VPN connection. For more details on the pre-configuring process, please refer to the Configuring VPN on iOS MDM devices section.
  2. Select the Enable Per App VPN check box.

Set up Per App VPN for supported system apps (Email, Calendar, Safari, and Contacts) in the corresponding policy sections.

When you select the Enable Per App VPN check box, the Turn on VPN automatically for system apps check box becomes available and is also selected. This means that the device will automatically activate the VPN connection when associated system apps initiate network communication.

To specify the Per App VPN configuration for the Email, Calendar, and Contacts apps:

  1. Go to the corresponding policy section.
  2. Click Add to create a new account or select the existing account in the list and click Edit.
  3. In the Per App VPN settings section, select the Enable Per App VPN (iOS 14+) check box.
  4. Choose this Per App VPN configuration from the Select Per App VPN configuration drop-down list and click OK to save the changes.

To specify the Per App VPN configuration for Safari:

  1. Go to the Safari policy section.
  2. Click Add.

    The Adding domain for Safari window opens.

  3. Choose this Per App VPN configuration from the Per App VPN configuration drop-down list.
  4. In the Domain for the VPN connection that will be activated field, specify the website domain that will trigger the VPN connection in Safari. The domain should be in the "www.example.com" format.
  5. Click OK to add the domain to the list.

Page top