Per-application VPN
FortiClient (iOS) supports per-application VPN with Workspace ONE using username and password authentication.
To configure per-application VPN:
- In Workspace ONE, go to Resources > Profiles & Baselines > Profiles.
- Click ADD > Add Profile.
- Select iOS.
- Select User Profile or Device Profile.
- Enter a meaningful name, then scroll to VPN and click ADD.
- Configure the VPN profile:
- Under Connection Info, configure the following:
- In the Connection Name field, enter a meaningful name for the VPN profile. This name appears on the FortiClient application VPN tunnel list.
- From the Connection Type dropdown list, select Custom.
- In the Identifier field, enter com.fortinet.forticlient.fabricagent.
- In the Server field, enter the VPN server IP address or FQDN.
- In the Account field, enter the username of the account to authenticate to the VPN server.
- Under Custom Data, you can configure a key-value pair with
SingleSignOn
as the key andTrue
orFalse
as the value. If you setSingleSignOn
toTrue
, the VPN profile uses single sign on to authenticate the user. - Enable Per-App VPN Rules.
- Enable Connect Automatically.
- From the Provider Type dropdown list, select App Proxy.
- Under Authentication, configure the following:
- From the User Authentication dropdown list, select Password.
- In the Password field, enter the desired password for the user to authenticate to the VPN tunnel with.
- Under Connection Info, configure the following:
- Assign the VPN profile to the desired smart group.
- Assign an application to use the per-application VPN profile:
- Go to Resources > Apps > Native.
- Go to the desired app.
- Create a new assignment or edit an existing assignment.
- Go to Tunnel & Other Attributes.
- From the Per App VPN Profile dropdown list, select the profile that you created.
After the device syncs with Workspace ONE, the VPN tunnel appears in FortiClient in Settings > VPN > PER-APP VPN. When opening the selected app for the per-application VPN, FortiClient automatically connects to VPN. When you close the app, FortiClient disconnects from VPN. In iOS VPN settings, confirm that Connect On Demand is enabled. With the example configuration, FortiClient automatically connects to VPN when the user opens DuckDuckGo: