Set up VPN notification

The VPN notification feature alerts end users when a VPN connection is required to connect to an external application. These notifications are customizable and are disabled by default.

The VPN notification doesn't appear if the end user has selected the Auto-launch option in the General settings of the app integration.

To access the VPN notification feature:

  1. In the Admin Console, go to Applications > Applications.
  2. Select the General tab of the app integration that requires a VPN.
  3. Scroll down to the VPN Notification section.
  4. Click Edit.

From here, you can specify your VPN accessibility requirements, create a custom message, and optionally include a URL with detailed VPN instructions. See below for details about these options.

VPN Required Notification

Use this drop-down menu to specify when to display a VPN notification. The notification appears before the end-user can access the external application.

  • Disabled: The default state. Retain this setting for external applications that do not require a VPN connection.
  • Inside Any Zones: Displays VPN connection information only when a browser's client IP matches the configured Network Zones.
  • Outside Any Zones: Displays VPN connection information only when the browser's client IP does not match the configured Network Zones.
  • Anywhere: Displays VPN connection information regardless of the browser's client IP.

Message

Enter a custom message to your end users that is displayed when they are prompted to start the VPN. For example:

Have you signed in to the VPN?

Optional Help URL

Use this optional field to provide a Help page URL to assist your end users in signing into your company VPN.

If you are using Juniper IVE as your VPN, this is where you can insert an embed link for the Juniper IVE SAML app.

Using Split-Tunneling VPNs

Split-tunnel VPNs are configured to direct traffic through the VPN only for specific application URLs, so general traffic to a public site like www.okta.com would not go through the VPN. This means that the client IP address as seen by Okta does not change when the user has started the VPN.

To correctly use this option, make sure the split-tunnel VPN is configured to direct traffic to www.okta.com through the VPN. To do this, add specific Okta IP addresses (see the Allow access to Okta IP addresses) to the split-tunnel VPN configuration.