Virtual private networks (VPNs) provide devices with a secure and encrypted tunnel to access internal resources. VPN profiles enable each device to function as if it were connected through the on-site network.

  1. Navigate to Devices > Profiles & Resources > Profiles and select Add. Select Apple macOS, and then select whether this profile will apply to only the enrollment user on the device ( User Profile), or the entire device ( Device Profile).
  2. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  3. Select the VPN payload.
  4. Configure Connection settings.


    The following settings vary depending on the type of connection selected.

    Settings Description
    Connection Name Enter the name of the connection name to be displayed on the device.
    Connection Type

    Use the drop-down menu to select the network connection method. The available options are:

    • L2TP
    • PPTP
    • IPSec (Cisco) (applicable for VPN On Demand)
    • F5 SSL (applicable for VPN On Demand)
    • Custom SSL (applicable for VPN On Demand)
    • F5 Access (applicable for VPN On Demand)
    Identifier Enter the identifier for the VPN connection.
    Server Enter the hostname or IP address of the server to which to connect.
    Account Enter the name of the VPN account.
    Encryption Level Select the level of encryption, either Automatic or Maximum Bit.
    Send All Traffic Select this check box to force all traffic through the specified network.
    Per App VPN For macOS v10.9 devices, use Per-App VPN to choose what apps should connect to what networks.
    Connect Automatically Select this check box to allow the VPN to connect automatically to chosen Safari Domains.
    Enable Safari Domains

    Enable this setting to set specific domains or hosts that open the secure VPN connection in the Safari browser. Add domains as needed.

    If you configure a VMware Tunnel Per-App Tunnel network traffic rule for the Safari app for macOS, Workspace ONE UEM disables this setting. The network traffic rules override any configured Safari Domain rules. For more information, see Network Traffic Rules for Per-App Tunnel.

    App Mapping Enable this setting to allow specific applications to open a secure VPN connection. Add app bundle ID(s) for applications allowed to open a secure VPN connection.
    Web Logon Select this checkbox to allow F5 Access application to render a browser-based login page instead of a dialog box for VPN authentication. This feature also gives the administrators the ability to configure fields required for the authentication.
  5. Configure Authentication information including:

    Setting Description
    User Authentication Select the radio button to indicate how to authenticate end users through the VPN, through either password or RSA SecurID.
    Password Enter the password for the VPN account.
    Machine Authentication Select the type of machine authentication to authorize end users for the VPN access.
    Identity Certificate Enter the credentials to authorize end users for the VPN connection (if Certificate is selected as machine authentication).
    Shared Secret Enter the Shared Secret key to be provided to authorize end users for the VPN connection (if Shared Secret is selected as machine authentication).
  6. Select either Manual or Automatic proxy and the appropriate settings.
  7. Select Save & Publish when you are finished to push the profile to devices.