After you configure the certificate authority and certificate template settings in Workspace ONE UEM, you can deploy an Identity Certificate and AnyConnect VPN settings to configure all assigned devices.

This process can be accomplished by creating a VPN and Certificate Profile.

  1. Navigate to Devices > Profiles > List View from the Workspace ONE UEM console main menu.

  2. Select Add.
  3. Select the applicable device platform to open the Add a New Profile screen.
  4. Configure the General settings for the profile. The General settings determine how the profile is deployed, who receives it, and other overall settings.

  5. Select Credentials from the profile options at left and then select Configure.
  6. Select Defined Certificate Authority from the Credential Source drop-down menu.
  7. Select the external CA created previously from the Certificate Authority drop-down menu.
  8. Select the certificate template created previously from the Certificate Template drop-down menu.

  9. Select VPN from the profile options at left and then select Configure.

    Credentials profile settings must be configured before the VPN profile settings because the VPN configuration refers to the Credential that was created in the previous step. Also, some of the configuration settings described here are not applicable to all device platforms.

  10. Configure the following VPN profile settings:
    • Enter a Connection Name used to identify this specific VPN connection on the device.
    • Select Cisco AnyConnect as the VPN Connection Type.
    • Enter the VPN Server. This value is the URL that users connect to for establishing their VPN connection.
    • If your VPN has been configured to apply user credentials in addition to a certificate for authentication, then specify a User Account to pass to the VPN endpoint. To pass Workspace ONE UEM User Account names to the VPN endpoint, use the {EnrollmentUser} lookup value.
    • To send all device traffic through the VPN connection, select the Send All Traffic check box. If the check box is left cleared, only traffic destined for the internal enterprise network uses the VPN connection, and public traffic continues to use 3G or other external connections to communicate.
    • Next, select Certificate as the User Authentication type.
    • Specify the AnyConnect VPN Group Name used to establish the connection.
    • Select the credential you created previously from the Identity Certificate drop-down menu.

  11. Select Save or Save & Publish to push the profile to a device.

Finally, you must deploy the AnyConnect application to devices.
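
The following check is an added example, not part of the original procedure or of Workspace ONE UEM: it audits an Apple configuration profile (.mobileconfig) to confirm that the VPN payload uses certificate authentication and that its identity certificate reference resolves to a credential payload in the same profile, which is the dependency described in step 9. It assumes an iOS or macOS profile in Apple's documented payload format and that the identity arrives as a PKCS#12 or SCEP payload; `audit_profile`, `sample_profile`, and all sample values are constructed for illustration.

```python
import plistlib

# Apple payload types that can carry an identity (certificate plus private key).
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}
ANYCONNECT_SUBTYPES = {"com.cisco.anyconnect", "com.cisco.anyconnect.applevpn.plugin"}

def audit_profile(raw: bytes) -> list:
    """Return findings for a .mobileconfig; an empty list means it is consistent."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    vpns = [p for p in payloads if p.get("PayloadType") == "com.apple.vpn.managed"]
    findings = [] if vpns else ["profile contains no VPN payload"]
    for p in vpns:
        name, vpn = p.get("UserDefinedName", "<unnamed>"), p.get("VPN", {})
        if p.get("VPNSubType") not in ANYCONNECT_SUBTYPES:
            findings.append(f"{name}: connection type is not Cisco AnyConnect")
        if not vpn.get("RemoteAddress"):
            findings.append(f"{name}: VPN Server is empty")
        if vpn.get("AuthenticationMethod") != "Certificate":
            findings.append(f"{name}: user authentication is not Certificate")
        ref = vpn.get("PayloadCertificateUUID")
        if not ref or ref not in identities:
            findings.append(f"{name}: identity certificate {ref!r} is not in this profile")
        if not p.get("VendorConfig", {}).get("Group"):
            findings.append(f"{name}: AnyConnect group name is empty")
    return findings

def sample_profile(cert_ref: str) -> bytes:
    """Constructed test profile; every value below is made up for illustration."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.pkcs12",
             "PayloadUUID": "11111111-AAAA-4AAA-8AAA-111111111111"},
            {"PayloadType": "com.apple.vpn.managed",
             "PayloadUUID": "22222222-BBBB-4BBB-8BBB-222222222222",
             "UserDefinedName": "Corp VPN",
             "VPNType": "VPN", "VPNSubType": "com.cisco.anyconnect",
             "VPN": {"RemoteAddress": "vpn.example.com",
                     "AuthenticationMethod": "Certificate",
                     "PayloadCertificateUUID": cert_ref},
             "VendorConfig": {"Group": "Employees"}},
        ],
    })

if __name__ == "__main__":
    print(audit_profile(sample_profile("11111111-AAAA-4AAA-8AAA-111111111111")))
    print(audit_profile(sample_profile("99999999-CCCC-4CCC-8CCC-999999999999")))
```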