Configure VPN Profiles

  • The OMM menu is only available to orgs that implement Okta Mobility Management (OMM).
  • Procedures documented on this page are only available to customers who have already purchased OMM for their organization. New OMM sales are not supported. For more information, contact Okta Support.

This is an Early Access feature. To enable it, please contact Okta Support.

Okta Mobility Management (OMM) can provision password-based, device-wide, VPN configurations directly to devices without requiring IT to duplicate infrastructures or implement application proxies and gateways. Okta uses the native VPN capabilities that are built into the mobile operating system to leverage existing VPN solutions and enable easy access to on-premises resources.

Currently, this feature is only available for iOS devices.

  1. In the Admin Console, go to OMM > VPN.
  2. Click Add Device VPN.
  3. Select a VPN client.
    Note: Apple no longer supports PPTP or Juniper VPN options. This is an Apple limitation.
  4. Configure your VPN client as described in one of the following procedures:

​Once VPN configurations (profiles) and the respective VPN mobile apps are pushed to OMM-enrolled devices, users can sign in to VPN and work remotely.

Note: Your VPN password configuration affects how the VPN profiles are pushed:

  • Delegated Authentication: VPN profiles are pushed when users are enrolled.
  • User sets password: VPN profiles are pushed when users are enrolled, an app user is assigned, or a VPN app instance setting changes.
  • Password is same as Okta: VPN profiles are pushed when the user logs on.