Deploy Client on iOS Using Kandji

Deploy Client on iOS Using Kandji

This document  illustrates the procedure to deploy Netskope Client on iOS devices and this process ensures reduced user interaction while deploying tenant certificates, system and network extensions.

Deployment Prerequisites

  • In the Netskope UI, go to Settings > Manage > Certificates > Signing CA. Download the Netskope Root and Intermediate Certificate.

    Convert the downloaded certificates to .cer format by renaming the .pem files to .cer.

  • In the Netskope UI, go to Settings > Security Cloud Platform > Netskope Client > MDM, locate and save Organization ID token value.

  • Download AppVPN Proxy Script for iOS Kandji.mobileconfig from Netskope Support.

    Before you upload the .mobileconfig file, perform the following modifications in the downloaded script:
    – Lines 48 and 57: Provide addon host name associated with Netskope tenant. For example, addon-example.goskope.com.
    – Line 59: Provide the Organization ID token value mentioned in prerequisites.
    – Line 61: Replace Kandji variable $EMAIL with the user email address. For spot tests and kiosk type deployments, replace this value with static e-mail provisioned at Netskope tenants.
    – Line 63: Secure Enrollment auth token.
    – Line 65: Secure Enrollment encryption token.
  • Administrator access to Kandji.

  • Administrator access to Netskope.

Upload Netskope Certificates to Kandji

To upload certificates to Kandji:

It is mandatory to upload the Netskope Root Certificate and Netskope Intermediate Certificate.
  1. Login to Kandji and go to Library > Add New.

  2. Select Profiles from the dropdown menu.

  3. Click Certificate > Add and Configure.

  4. Upload Netskope Root Certificate (.cer format).

    1. Enter a name for this certificate. For example: Netskope Root Certificate.

    2. In Assignment,  select the required blueprints and limit installation to iPhone and iPad.

    3. In Settings, select Certificate type as PKCS#1-formatted certificate.

    4. Drag and drop the .cer certificate in the upload box.

  5. Click Save.

  6. Repeat this step to upload the Netskope tenant Intermediate Certificate. When uploading, give a name, for example, Netskope Tenant Certificate.

Netskope Client Distribution

  1. Login to Kandji and click Library.

  2. Select Auto App and search for Netskope Client.

  3. Click the Netskope Client app.

  4. In Assignment, select the required Blueprints and limit installation to iPhone and iPad.

  5. In Settings, ensure the Installation dropdown setting is set to Install and Continuously Enforce.

  6. Click Save.

Upload VPN Configuration to Kandji

Netskope client requires user identity information to enroll and provide user attribution during its operation. Kandji provides this user identity information and Netskope Client uses it as a variable that results in a fully transparent SSO experience.

To upload the script to Kandji:

  1. Go to Library > Add New > Custom Profile.

  2. Click Add and Configure.

  3. Select the required Blueprint.

  4. In Install On, limit the installation to iPhone and iOS.

  5. Under Settings, upload the .mobileconfig file that you downloaded from the Netskope Support.

  6. Click Save.

    You can attempt to generate traffic after the device enrollment is complete according to the configured Blueprint and the applications get distributed. Netskope Client self enrolls and enables connectivity for all mobile apps on the device according to the Netskope Steering Configuration.

Share this Doc

Deploy Client on iOS Using Kandji

Or copy link

In this topic ...