Example setup with conditional rules
In the setup described in this section, traffic from managed apps using AppTunnel (AppConnect apps using AppTunnel and managed apps using Tunnel) on an iPhone or iPad, and all traffic from laptops, desktops, and Android and Windows 10 mobile devices flows through MobileIron Access.
• Setup with conditional
• Expected behavior with the example setup
Setup with conditional
The following outlines the example setup with conditional rules:
• Configure Salesforce service provider and related IdP in Federated Pairs.
• Apply Tunnel VPN to the Salesforce app.
• Configure the following rules in Conditional Access:
Conditional rule name          | Action
Trusted App and Device on iOS  | Allow
Untrusted Apps on iPhone       | Block
Untrusted Apps on iPad         | Block
General Bypass                 | Allow
NOTE: The order of the rules matters. Rules are evaluated in the order they appear.
Expected behavior with the example setup
The following outlines the expected behavior with the example setup:
• Traffic from the managed Salesforce app on an iPhone and on an iPad will be allowed through MobileIron Access. This setup allows apps such as Web@Work that use AppTunnel to also authenticate to Salesforce.
• All other traffic from iPhone and iPad will not be allowed through MobileIron Access.
• Therefore, on an iPad or iPhone, only traffic from the managed Salesforce app and any apps that use AppTunnel will have access to Salesforce.
• This setup allows users on other devices to continue to access Salesforce. Other devices include desktops, laptops, and Windows 10 and Android mobile devices.
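The effect of rule order in this setup can be checked with a small model. The following is an added example, not MobileIron code or configuration: it assumes the first matching rule decides the action and uses hypothetical match conditions for each rule (Request, evaluate and shadowed are names made up for illustration), then reports which rules never take effect if General Bypass is moved to the top.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    device: str        # e.g. "iPhone", "iPad", "Android", "desktop"
    trusted_app: bool  # assumption: True for a managed app using AppTunnel/Tunnel

IOS = {"iPhone", "iPad"}

# Names and actions come from the rule table; the match conditions are assumptions.
RULES = [
    ("Trusted App and Device on iOS", lambda r: r.device in IOS and r.trusted_app, "Allow"),
    ("Untrusted Apps on iPhone", lambda r: r.device == "iPhone", "Block"),
    ("Untrusted Apps on iPad", lambda r: r.device == "iPad", "Block"),
    ("General Bypass", lambda r: True, "Allow"),
]

# Constructed misordering: the catch-all rule moved to the top.
MISORDERED = [RULES[3]] + RULES[:3]

# Constructed sample traffic: every device type, trusted and untrusted.
DEVICES = ("iPhone", "iPad", "Android", "Windows 10", "desktop", "laptop")
SAMPLES = [Request(d, t) for d in DEVICES for t in (True, False)]

def evaluate(rules, req):
    """Return (rule name, action) for the first rule that matches req."""
    for name, matches, action in rules:
        if matches(req):
            return name, action
    return "(no match)", "Block"  # assumption: deny when nothing matches

def shadowed(rules, samples):
    """List rules that never decide any sample because an earlier rule wins."""
    fired = {evaluate(rules, s)[0] for s in samples}
    return [name for name, _, _ in rules if name not in fired]

if __name__ == "__main__":
    for label, rules in (("as documented", RULES), ("misordered", MISORDERED)):
        print(label)
        for req in SAMPLES:
            print("  ", req.device, req.trusted_app, "->", *evaluate(rules, req))
        print("  shadowed rules:", shadowed(rules, samples=SAMPLES))
```

A non-empty shadowed list after reordering rules is a sign that a Block rule has been placed behind a broader Allow rule.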
For additional examples, see https://community.mobileiron.com/docs/DOC-4100.