Deploying client certificates and VPN On Demand (VOD) feature to multiple iOS devices is supported by Pulse Workspace. For Pulse Workspace instructions, refer to KB40360 - VPN On Demand with Pulse WorkSpace and Pulse Connect Secure.
The following instructions below are general instructions how to deploy VOD with Apple Configurator. This document does not address how to create or obtain client certificates for iOS devices. Pulse Secure recommends to reach out to your certificate authority (CA) admin for more information how to deploy and manage client certificates for iOS devices.
Configure VPN on Demand on an iPhone/iPad
- Download Apple Configurator from the App Store. (Note: This app is only available for macOS)
- After opening the app, from the menu bar, click File > New Profile
- Under General, type a Display Name and Identifier.
- From the left pane, click Certificates > Configure
- Browse and select the User Certificate.
- Click Open. (Note: If the Root CA is not present on the phone, please upload as well)
- From the left pane, Click VPN > Configure
- In the Connection Name field, enter a friendly name.
- From the Connection Type drop-down, select Pulse Secure.
- In the Server field, enter the fully qualified domain name (FQDN) of the PCS device.
- In the Realm field, enter the User realm associated with PCS device.
- In the User field, enter the User role associated with the PCS device.
- From the User Authentication drop-down, select Certificate.
- From the Identify Certificate drop-down, select the certificate imported in step 5-6.
- Click the checkbox for Enable VPN On Demand.
- Click on the plus (+) sign button
- Enter the fully qualified domain name(s) to trigger VPN On Demand
VPN On Demand setting options:
Always: Start a VPN connection each time the specific domain matches.
Never: Do not start a VPN connection each time the specific domain matches.
Establish if needed: Start a VPN connection ONLY after a DNS failure occurs.
Note: For further information about what values can be configured for VPN On Demand, refer to the VPN payload section in the Apple developer's guide.
- From the top left, click on red X. Save the mobileconfig file locally.
- Connect the iPhone/iPad via lighting cable to Macbook or iMac running Apple Configurator.
- From the top menu, click Add > Profiles
- Select the mobileconfig file from step 18 and click Add.
- iPhone/iPad will prompt to Install Profile and click Install.