Configure the network traffic rules so that the AirWatch Tunnel client routes traffic to the HTTPS proxy for Android devices. You list the Android apps that are configured with the per app VPN option to the traffic rules, and configure the proxy server address and the destination host name.

Before you begin

  • The AirWatch Tunnel option configured with the per-app tunnel component installed.

  • Android VPN profile created.

  • Per-App VPN enabled for each Android App that is added to the Network Traffic rules.

About this task

For detailed information about creating network traffic rules, see the VMware AirWatch Tunnel Guide on the AirWatch Resources Web site.

Procedure

  1. In the AirWatch admin console, navigate to System > Enterprise Integration > AirWatch Tunnel > Network Traffic Rules.
  2. Configure the network traffic rules settings as described in the AirWatch Tunnel Guide. Specific to the Mobile SSO for Android configuration, in the Network Traffic Rules page configure the following settings.
    1. In the Application column, add the Android apps that are configured with the per app VPN profile.
    2. In the Action column, select Proxy and specify the HTTPS proxy information. Enter the VMware Identity Manager host name and port. For example login.example.com:5262.
      Note:

      If you are providing external access to the VMware Identity Manager host, the firewall port 5262 must be opened or port 5262 traffic must be proxied through reverse proxy in the DMZ.

    3. In the Destination Hostname column, enter your destination VMware Identity Manager host name. For example myco.example.com. The AirWatch Tunnel client routes the traffic to the HTTPS proxy from the VMware Identity Manager host name.
  3. Click Save.

What to do next

Publish these rules. After the rules are published, the device receives an update VPN profile and the AirWatch Tunnel application is configured to enable SSO.

Go the VMware Identity Manager administration console and configure Mobile SSO for Android in the Built-in Identity Provider page. See #GUID-3D7A6C83-9644-42AE-94BD-003EAF3718CD.