Follow these steps to activate Jamf Connect's Zero Trust Network Access with Per-App VPN on your target end user macOS devices.
Note:
The following steps are for Jamf Pro. They will be similar for other UEM and MDM solutions.
- In Jamf Pro, click Computers at the top of the sidebar.
- Click Configuration Profiles in the sidebar.
- Click + New to create a new configuration profile.
- On the left-side of the Options menu, select "VPN".
- Click Configure.
- Enter a Connection Name, for example " Zero Trust Network Access Per-App".
- Set the VPN Type to "Per-App VPN".
- (Optional) Select the Automatically start Per-App VPN connection checkbox, if required.
- Under Safari Domains, define the domains that are allowed to use this Per-App VPN in the Safari app.Note:
This configuration does not apply to other browsers.
- For Per-App VPN Connection Type, select Custom SSL.
- For Identifier, enter com.jamf.trust.
- For Server, enter open.jamf.trust.app.
This is a placeholder hostname that will be rewritten by Jamf Trust during activation.
- For Provider Bundle Identifier, enter com.jamf.trust.ne-access
- Create key-value pairs in the Custom Data section as follows:
Key: ProfileId
Value: com.jamf.trust.bootstrap
- If prompted for User Authentication, select "Password".
If required to enter a username and/or password, you can enter fake values. These are overwritten during activation and are ignored by Jamf Trust.
- For the Provider Type, select "Packet-tunnel".
To ensure consistent behavior on end user devices, Jamf recommends that you select the Prohibit users from disabling on-demand VPN settings checkbox.
- Click Save.