There are some additional iOS and Android configurations that are optional but can be applied to both iOS and Android devices. Each configuation has their own specific requirements and will also require that you deploy the Tunnel app to devices using Application Configurations during device assignment.

Application configurations are key-value pairs that you deploy with the application to preconfigure features for users. The table below shows many of the application configurations that are available for Android and iOS.

Table 1. Key-Value Pairs for Android Tunnel

Key Name & Type

Configuration Value

Description

Version Added & Mode

Privacy Controls:

Friendly Key: Custom Privacy Policy URL

Configuration Key: PrivacyPolicyLink

Value Type: String

Example: https://www.acme.com

Provide the Policy URL that you want your users to visit when Your company's privacy policy is selected from the Privacy notice.

4.2

Standalone Mode Supported

Friendly Key: Display Privacy Dialog Box

Configuration Key: DisplayPrivacyDialog

Value Type: Boolean

True - Enable

False - Disable

When set to '1' (Enable), Workspace ONE Tunnel displays a privacy notice to the users about the data that is collected and the permissions that are required on the device for the optimal functioning of the app.

4.2

Standalone Mode NOT Supported

Friendly Key: Crash Reporting

Configuration Key: PolicyAllowCrashReporting

Value Type: Boolean

True - Enable

False - Disable

Set to True to report Workspace ONE Tunnel crashes to VMware.

4.2

Standalone Mode Supported

Friendly Key: Toggle VPN Connection (Technical Preview)

Configuration Key: EnableToggleVPN

Value Type: Boolean

True - Enable

False - Disable (Default)

Set to True to provide users the option to connect/ disconnect the Tunnel Connection on demand.

22.03

Standalone Mode Supported by Default

Friendly Key: Toggle Timeout (Technical Preview)

Configuration Key: ToggleVPNTimeout

Value Type: Integer

Time in minutes

Default Value = 0 (No timeout)

Set a timeout in minutes for an Active Tunnel connection.

22.03

Standalone Mode NOT Supported

Diagnostics and Troubleshooting:

Friendly Key: Feature Analytics

Configuration Key: PolicyAllowFeatureAnalytics

Value Type: Integer

1 - Enable

0 - Disable

Set to True to enable data collection for Workspace ONE Tunnel experience improvement.

4.2

Standalone Mode Supported

Friendly Key: Display Welcome Screen

Configuration Key: DisplayWelcomeScreen

Value Type: Boolean

True - Enable

False - Disable

Set to True to hide the Workspace ONE Tunnel welcome screen.

4.2

Standalone Mode NOT Supported

Friendly Key: Filter Diagnostics View

Configuration Key: FilterDiagnosticsView

Value Type: Boolean

True - Enable

False - Disable

Set to True to filter advanced connection details in the Diagnostics view.

5.6

Standalone Mode Supported

Friendly Key: Enable Debug Logs on Install

Configuration Key: EnableDebugLogsOnInstall

Value Type: Integer

0 – Disable

1 – Enable

2 – Force Enable

This setting is strictly for debugging.

21.01

Standalone Mode Supported

Friendly Key: Enable App Activity (Beta)

Configuration Key: ShowDataUsage

Value Type: Boolean

True - Enable

False - Disable

Set to True to enable details for applications that have recently sent a network request in the UI.

21.01

Standalone Mode Supported

Container Wide/ Full Device Mode:

Friendly Key: Exempt Application from Container-wide Tunnel

Configuration Key: DisallowAppsList

Value Type: String

Example:

{ "com.facebook.orca","com.whatsapp"}

Provide a list of applications that are exempt from Full Device Tunnel.

22.03

Standalone Mode NOT Supported

Other Settings:

Friendly Key: Custom Settings

Configuration Key: CustomSettings

Value Type: String

Example:

{ “PackageID”: “com.google.android.gms”, “Domains”: “acme.vidmpreview.com”, “Action”: “Proxy”, “Proxy”: “https://acme.vidmpreview.com:5262”, “DefaultActionForSettings”: “Bypass” }

Custom Settings for Tunnel

5.1

Standalone Mode Supported

Friendly Key: Trusted Network Probe Url

Configuration Key: TrustedNetworkProbeUrl

Value Type: String

  • <internal-site>

  • <internal-site>:<port>

  • http://<internal-site>

  • http://<internal-site>:80

  • https://<internal-site>

  • https://<internal-site>:443

You can use this attribute to detect if your device is connected to a trusted network, based on your device's ability to reach a private URL. You can specify a comma-separated list for redundancy.

5.6

Standalone Mode Supported

Friendly Key: UEM API Sync Interval

Configuration Key: ClientSyncInterval

Value Type: String

Time in minutes. Minimum value recommended is 60 minutes. Default value is 240 minutes.

Determines sync interval with UEM API for Tunnel configuration updates. This is part of the new DTR sync mechanism.

22.03

Standalone Mode Supported

You must know the supported key-value pairs for your application to deploy them and to code them. To find other supported application configurations, review the listed resources. You can enter supported pairs when you upload applications to the Workspace ONE UEM console and you can code them into your applications.

The application vendor sets the supported configurations for the application, so you can contact the vendor or visit other sites with information about application configurations.

The Workspace ONE UEM knowledge base has articles about working with application configurations when you develop applications. See Workspace ONE UEM Managed App Configuration at https://support.air-watch.com/articles/115006248807.

Privacy Dialog

VMware Workspace ONE Tunnel supports a privacy dialog that displays information regarding the application an admin configures. Tunnel only supports the privacy dialog for iOS and Android devices. You must deploy the Tunnel app to devices using Application Configurations during device assignment.

The dialog displays the following information to end users:

Table 2. Privacy Dialog Information

Information

Description

Data collected by the application

Provides a summary of data which is collected and processed by the application. Some of this data will be visible to administrators of the Workspace ONE UEM console.

Device permissions

Provides a summary of device permissions requested for the app to enable product features and functionality, such as push notifications to the device.

Company's privacy policy

Enables administrators to display a customized privacy notice to their users through a configurable URL. If no privacy notice is provided, a default message will be shown to the user to contact their employer for more information.

Configure Public Apps to Use Per App Profile

After you create a per app tunnel profile you can assign it to specific apps in the application configuration screen. This tells that application to use the defined VPN profile when establishing connections.

This workflow only applies to Android and iOS devices.

  1. Go to Apps & Books > Applications > Native.
  2. Select the Public tab.
  3. Select Add Application to add an app or Edit an existing app.
    Note: For iOS apps, only public or internal apps built with the Cocoa Framework are supported.
  4. On the Deployment tab, select Use VPN and then select the profile you created.
  5. Select Save and publish your changes.

Configure Internal Apps to Use Per App Profile

After you create a per app tunnel profile you can assign it to specific apps in the application configuration screen. This tells that application to use the defined VPN profile when establishing connections.

This workflow only applies to Android and iOS devices.

  1. Go to Apps & Books > Applications > Native.
  2. Select the Internal tab.
  3. Select Add Application and add an app.
    Note: For iOS apps, only public or internal apps built with the Cocoa Framework are supported.
  4. Select Save & Assign to move to the Assignment page.
  5. Select Add Assignment and select Per-App VPN Profile in the Advanced section.
  6. Save & Publish the app.