The VPN Notification feature alerts end users when a VPN connection is required to connect to an app. These notifications are customizable and are disabled by default.
Note: The VPN notification does not appear if the end user has selected the Auto-launch option in the app chiclet General settings. Screenshot
To access the VPN Notification feature, do the following:
- From the Administrative Dashboard, click the Applications drop-down menu.
- From the Applications page, scroll down to the VPN-required app, and click the appropriate app to view the app page.
- Go to the General tab.
- Scroll down to the VPN Notification section.
- Click Edit.
From here, you can specify your VPN accessibility requirements, create a custom message, and optionally include a URL that can point to detailed VPN instructions.
VPN Required NotificationThe drop-down menu allows you to specify when to display a VPN notification for VPN-required apps.
- Disabled – The default state. Retain this setting for apps that do not require a VPN connection.
- Inside Any Zones – Displays VPN connection information only when a browser's client IP matches the configured Zones. The notification appears before the end-user can access the app.
- Outside Any Zones – Displays VPN connection information only when the browser's client IP does not match the configured Zones. The notification appears before the end-user can access the app.
- Anywhere – Displays VPN connection information regardless of the browser's client IP. The notification appears before the end-user can access the app.
MessageUse this field to write a custom message to your end users such as Have you signed into the VPN?.
Optional Help URLUse this optional field to provide a Help page URL to assist your end users in signing into your company VPN. If you are using Juniper IVE as the VPN, this is where you can insert an embed link for the Juniper IVE SAML app.
Using an Outsize Any Zones Option with Split-Tunneling VPNsSplit-tunnel VPNs are configured to direct traffic through the VPN for specific app URLs only. Browsing to a public site like Okta.com would not go through the VPN. This means that the client IP, as seen by Okta, does not change when the user has started the VPN.
To correctly use this option, make sure the split-tunnel VPN is configured to direct traffic to Okta.com through the VPN. To do this, add some specific Okta IP addresses (see Configuring Firewall Whitelisting) to the split-tunnel VPNs configuration.