Reset Search



KB21438 - Configuring VPN On Demand for iPhone/iPad with Apple Configurator

« Go Back


Last Modified Date11/5/2016 9:03 AM
This article provides steps on how to implement VPN On Demand (VOD) for iPhone/iPad with Apple Configurator.
Problem or Goal

Deploying client certificates and VPN On Demand (VOD) feature to multiple iOS devices is supported by Pulse Workspace.  For Pulse Workspace instructions, refer to KB40360 - VPN On Demand with Pulse WorkSpace and Pulse Connect Secure.  

The following instructions below are general instructions how to deploy VOD with Apple Configurator.  This document does not address how to create or obtain client certificates for iOS devices.  Pulse Secure recommends to reach out to your certificate authority (CA) admin for more information how to deploy and manage client certificates for iOS devices.


Configure VPN on Demand on an iPhone/iPad

  1. Download Apple Configurator from the App Store.  (Note: This app is only available for macOS)
  2. After opening the app, from the menu bar, click File > New Profile
User-added image
  1. Under General, type a Display Name and Identifier.

  1. From the left pane, click Certificates > Configure
User-added image
  1. Browse and select the User Certificate.
  2. Click Open.  (Note: If the Root CA is not present on the phone, please upload as well)

  1. From the left pane, Click VPN > Configure
User-added image
  1. In the Connection Name field, enter a friendly name.
  2. From the Connection Type drop-down, select Pulse Secure.
  3. In the Server field, enter the fully qualified domain name (FQDN) of the PCS device.
  4. In the Realm field, enter the User realm associated with PCS device.
  5. In the User field, enter the User role associated with the PCS device.
  6. From the User Authentication drop-down, select Certificate.
  7. From the Identify Certificate drop-down, select the certificate imported in step 5-6.
  8. Click the checkbox for Enable VPN On Demand.
  9. Click on the plus (+) sign button
  10. Enter the fully qualified domain name(s) to trigger VPN On Demand

 User-added image

VPN On Demand setting options:

Always: Start a VPN connection each time the specific domain matches.
Never: Do not start a VPN connection each time the specific domain matches.
Establish if needed: Start a VPN connection ONLY after a DNS failure occurs.

Note: For further information about what values can be configured for VPN On Demand, refer to the VPN payload section in the Apple developer's guide.

  1. From the top left, click on red X.  Save the mobileconfig file locally.
  2. Connect the iPhone/iPad via lighting cable to Macbook or iMac running Apple Configurator.
  3. From the top menu, click Add > Profiles
User-added image
  1. ​Select the mobileconfig file from step 18 and click Add.
  2. iPhone/iPad will prompt to Install Profile and click Install.
User-added image
Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255