Netskope Help

Configure the Per-App VPN Profile

By default all Netskope tenants are set to On-Demand iOS VPN. If you want to use the Per-App iOS VPN profile, contact your sales rep, professional services rep, customer success manager, or Support to have Per-App VPN enabled.

To configure a per-app VPN profile:

  1. In the MobileIron Core UI, go to Policies & Configs > Add New > VPN.

  2. Enter these parameters:

    • Name: Enter your VPN connection profile name.

    • Connection Type: IPSec (Cisco).

    • Server: Enter the Netskope VPN server name from the VPN Configuration section in the Netskope UI (Settings > Security Cloud Platform > Client Profile > MDM Distribution).

    • Proxy: Automatic

    • Proxy Server URL: Enter the PAC URL value from the VPN Configuration dialog box in the Netskope UI.

    • Proxy Domains: Click Add+, and then add the SaaS domain names. Get the domain names for each SaaS app from the MDM Distribution page by clicking Download Domain List in the Create VPN Configuration section.

    • Username: $EMAIL$.

    • User Authentication: Certificate.

    • Identity Certificate: Select the Certificate Name (defined in the Configuring Local Certification Enrollment section) from the dropdown list.

    • XAuth Enable: Enable the checkbox.

    • Password: $EMAIL$.

    • Per-App VPN: Select Yes.

    • Provider Type: Use the default from the dropdown list.

  3. When finished, click Save.

Distribute to Devices
  1. Select the following from the Policies & Configs page:

    • SCEP Profile Name

    • Netskope Root CA Public Key

    • Customer Intermediate CA Public Key

    • VPN Profile

  2. Select Apply to Label in the More Actions dropdown list for devices. When the Apply to Label window opens, select iOS and click Apply.

  3. To verify the VPN works, launch a managed app (like Box), and you should see the VPN icon at the top of the Status bar for iOS devices.