- Create an Activation Profile that enables Jamf Connect's Network access as a service capability to be deployed on target devices. Note:
Per-App VPN mode inherently disables device-wide Content controls and Network security capabilities. If you still need these services, you must deploy a second device-wide traffic vectoring profile. Contact Jamf Support for assistance.
- Configure Identity-based Provisioning or download the macOS App Configuration from the Managed Deployment section of the newly created Activation Profile.
For more information, see Configuring Identity-based Provisioning in the Jamf Security Cloud Portal Guide.
- Deploy the Jamf Trust app (and managed app configuration as required) to target devices.Note:
Jamf recommends that you deploy Jamf Trust via VPP and deploy the Enterprise single sign-on profile, where supported.
- During the activation of the Jamf Trust app on the end-user device, the Per-App VPN profile is automatically detected and "adopted" during the activation process.Note:
The user will not be required to enter their PIN code to install the VPN during this process. The VPN has already been pre-authorized via the UEM solution.
Zero Trust Network Access is configured and deployed in Per-App VPN mode on your macOS devices. Verify by checking System Preferences > Network on a macOS device.