Per-App VPN locks down Jamf Connect's Zero Trust Network Access connectivity to only specific admin-defined, enterprise-managed native client-side apps. Follow these steps to configure Per-App VPN on Android Enterprise-enabled devices.
A Jamf Connect license
User devices activated with the Zero Trust Network Access service via an Activation Profile
User devices managed by a UEM solution via a supported Android Enterprise deployment mode
The UEM solution must support management of app configurations via Managed Google Play
The package IDs for the apps permitted to use the Zero Trust Network Access Per-App VPN. You can find a public app's package ID in the Google Play Store on your desktop browser.
- Collect all of the app package IDs that should be authorized to use the Zero Trust Network Access Per-App VPN.
- Import the Jamf Trust app via Android Enterprise Managed Google Play in your UEM solution.
- Locate and edit the Wandera app's managed app configuration within your UEM's app configuration editing interface.
- In the UEM configuration interface, add the VPN Allowed Applications configuration key.
- Add the package IDs in the configuration value field in comma-delimited form without any spaces between each field.
- Save and assign the app configuration to the desired end-user devices and groups.
The Zero Trust Network Access VPN will now be limited to just the defined applications after the Jamf Trust app checks in. No end user involvement is required.
Changes to the Per-App VPN list are picked up intermittently by the device after pushed from the UEM solution.