Main tasks for configuring Ivanti Tunnel for macOS (Ivanti EPMM)
Following are the main steps for configuring Ivanti Tunnel for macOS:
- Configuring Ivanti Tunnel VPN (Ivanti EPMM)
- Applying the Ivanti Tunnel VPN setting to managed apps (Ivanti EPMM)
- Distribute Ivanti Tunnel for macOS as a VPP app (Ivanti EPMM)
Configuring Ivanti Tunnel VPN (Ivanti EPMM)
Ivanti Tunnel supports per-app and device-level VPN. Choose the appropriate configuration depending on whether you are creating a per-app VPN or a device-level VPN.
You can create multiple Tunnel configurations to push to a device. The VPN profiles pushed to a device are listed in Settings > General > VPN, and in Settings > General > Device Management. Depending on the app in use, macOS automatically switches to use the VPN profile applied to the app.
You can apply both per-app VPN and device-level VPN to a device. However, per-app VPN takes priority over device-level VPN. The device-level VPN is used for apps that are not associated with a per-app VPN.
Before you begin
- If you are configuring app proxy VPN, ensure that you have created a TCP AppTunnel service in Standalone Sentry.
- If you are configuring packet tunnel provider type, ensure that you have created an IP AppTunnel service in Standalone Sentry.
- For information on setting up a TCP or IP AppTunnel service see “Working with Standalone Sentry for AppTunnel” in the Standalone Sentry Guide for Ivanti EPMM.
- If you are configuring Ivanti Tunnel for securing authentication traffic with Access see the Access Guide.
Ivanti strongly recommends creating separate Tunnel VPN configurations for iOS and macOS. Using the same Tunnel VPN configuration for iOS and macOS may cause issues with how Tunnel operates and how traffic through Tunnel is handled.
Procedure
- In the Admin Portal, go to Policies & Configs > Configurations.
- Click Add New > VPN.
- For Connection Type, select Ivanti Tunnel.
- Add the necessary configurations.
- Click Save.
- Apply the configuration to a label containing the macOS devices.
Next steps
Go to Applying the Ivanti Tunnel VPN setting to managed apps (Ivanti EPMM).
- For a description of the configuration fields for Ivanti Tunnel VPN, see Ivanti Tunnel VPN configuration field description.
- For a description of the key-value pairs, see Key-value pairs for Ivanti Tunnel for macOS.
Applying the Ivanti Tunnel VPN setting to managed apps (Ivanti EPMM)
When you Add or Edit an app in the App Catalog, you have the option to select the per app VPN setting to apply to the app. For this workflow, select the Ivanti Tunnel VPN setting for macOS that you created.
Before you begin
Ensure that the apps to which you will apply the Ivanti Tunnel VPN setting are available in the App Catalog on Ivanti EPMM. See the Ivanti EPMM Apps@Work Guide for your release for more information.
macOS apps can be deployed either as VPP apps or as in-house apps. Ensure that the VPP apps are assigned to a VPP label and a macOS label, and in-house apps are assigned to a macOS label.
Procedure
- In the Admin Portal, go to Apps > App Catalog.
- Select macOS from the Platform list.
- Select an app and click the edit icon next to the app.
- In the form, for Per App VPN Settings, select the Ivanti Tunnel (macOS) VPN you created.
For more information about adding and editing apps for distribution, see the following sections in the Ivanti EPMM Apps@Work Guide:
- “Populating the iOS and macOS App Catalogs.”
- “Using the wizard to add an in-house iOS or macOS app to the App Catalog.”
- “Using the Apple Volume Purchase Program (VPP).”
- Ivanti EPMM product documentation.
Distribute Ivanti Tunnel for macOS as a VPP app (Ivanti EPMM)
Ivanti Tunnel is available in the Mac App Store. Device users can download the app directly from the Mac App Store.
Ivanti Tunnel can also be distributed as a Volume Purchase Program (VPP) app from Ivanti EPMM. Apple provides VPP to facilitate app purchase and distribution within an organization. The App Store Volume Purchase Program (VPP) allows participating organizations to purchase iOS and macOS apps in volume and distribute the apps to their users.
While Apple supports user-based licensing for macOS VPP apps, currently there is an Apple issue with the installation of user-based licensed VPP apps through MDM. As a result, Ivanti does not recommend applying user-based licenses to macOS VPP apps.
For information on how to distribute Ivanti Tunnel for macOS as a VPP app, see “Using the Apple Volume Purchase Program (VPP) in the Ivanti EPMM Apps@Work Guide.
For countries for which a VPP program is not available, device users can download and install Ivanti Tunnel directly from the Mac App Store.