Specify which apps use CylanceGATEWAY on iOS devices
CylanceGATEWAY
on iOS
devicesFor
iOS
devices, if your organization manages devices using an EMM solution that supports configuring per-app VPN, you can configure devices to recognize CylanceGATEWAY
as a VPN provider and configure per-app VPN to specify which apps send data through the CylanceGATEWAY
tunnel.To set up per-app tunnel options, you must have permissions for VPN management and app management on
iOS
devices activated using your EMM solution. To specify which apps use the CylanceGATEWAY
tunnel in BlackBerry UEM
perform the following steps:- In theUEMmanagement console, add the apps that you want to send data throughCylanceGATEWAYtoUEMand assign them to users.Only apps that are assigned to users use theCylanceGATEWAYtunnel. Do not assign the default browser or theCylancePROTECT Mobileapp to users or the device will be unable to establish a tunnel withCylanceGATEWAY.For devices with the "User privacy" and "User privacy - User enrollment" activation types, only assigned internal apps and apps licensed through theAppleVolume Purchase Program use the tunnel.
- Create an activation profile that assigns one of the following activation types:
- MDM controls
- User privacy - User enrollment
- User privacywith VPN management and app management enabled
- Create a VPN profile and include the following settings:SettingDescriptionConnection typeCustomVPN bundle IDcom.blackberry.protectServerThis setting specifies the FQDN or IP address of a VPN server. The value must be 127.0.0.1.Authentication typePasswordPasswordLeave this field blankEnable per-app VPNSelectedDomain settingsSpecify the domains that can establish a connection through theCylanceGATEWAYtunnel. If you specify a domain, assigned apps use the tunnel only for connections to the specified domain. You can specify domains forSafari, Calendar, Contacts, Mail, and domains listed in the apple-app-site-association file. You can also specify domains that never use the tunnel.For devices with the "User privacy" and "User privacy - User enrollment" activation types, if you specify a domain that is not a child of the root domain specified in theServerfield, the device ignores the entire VPN profile, not just the invalid domain.Allow apps to connect automaticallySelect this option to specify that the app can start the connection automatically.Connections through theCylanceGATEWAYtunnel can start only ifCylanceGATEWAYis enabled in theCylancePROTECT Mobileapp on the device.Traffic tunnelingIP layer
- Assign profiles to users and instruct them to activate devices.