Example setup with conditional rules

In the setup described in this section, traffic from managed apps using AppTunnel (AppConnect apps using AppTunnel and managed apps using Ivanti Tunnel) on an iPhone or iPad, and all traffic from laptops, desktops, and Android and Windows 10 mobile devices flows through Ivanti Access.

Setup with conditional

Expected behavior with the example setup

Setup with conditional

The following outlines the example setup with conditional rules:

Configure Salesforce service provider and related IdP in Federated Pairs.

Apply Ivanti Tunnel VPN to the Salesforce app.

Configure the following rules in Conditional Access:

Table 22.   Conditional rules

Conditional rule name

Action

Trusted App and Device on iOS

Allow

Untrusted Apps on iPhone

Block

Untrusted Apps on iPad

Block

General Bypass

Allow

The order of the rules matters. Rules are evaluated in the order they appear.

Expected behavior with the example setup

The following outlines the expected behavior with the example setup:

Traffic from the managed Salesforce app on an iPhone and on an iPad will be allowed through Ivanti Access. This setup allows apps such as [email protected] that use AppTunnel to also authenticate to Salesforce.

All other traffic from iPhone and iPad will not be allowed through Ivanti Access.

Therefore, on an iPad or iPhone, only traffic from the managed Salesforce app and any apps that use AppTunnel will have access to Salesforce.

This setup allows users on other devices to continue to access Salesforce. Other devices include desktops, laptops, and Windows 10 and Android mobile devices.

For additional examples, seeKB article.