VPN Notifications

The VPN Notification feature alerts end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. when a VPN connection is required to connect to an appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in.. These notifications are customizable and are disabled by default.

Note: The VPN notification does not appear if the end user has selected the Auto-launch option in the app chiclet General settings. ClosedScreenshot

To access the VPN Notification feature, do the following:

  1. From the Administrative Dashboard, click the Applications drop-down menu.
  2. From the Applications page, scroll down to the VPN-required app, and click the appropriate app to view the app page.
  3. Go to the General tab.
  4. Scroll down to the VPN Notification section.
  5. Click Edit.

From here, you can specify your VPN accessibility requirements, create a custom message, and optionally include a URL that can point to detailed VPN instructions.

VPN Required Notification

The drop-down menu allows you to specify when to display a VPN notification for VPN-required apps.


Use this field to write a custom message to your end users such as Have you signed into the VPN?.

Optional Help URL

Use this optional field to provide a Help page URL to assist your end users in signing into your company VPN. If you are using Juniper IVE as the VPN, this is where you can insert an embed link for the Juniper IVE SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. app.

Using an Outsize Any Zones Option with Split-Tunneling VPNs

Split-tunnel VPNs are configured to direct traffic through the VPN for specific app URLs only. Browsing to a public site like Okta.com would not go through the VPN. This means that the client IP, as seen by Okta, does not change when the user has started the VPN.

To correctly use this option, make sure the split-tunnel VPN is configured to direct traffic to Okta.com through the VPN. To do this, add some specific Okta IP addresses (see Configuring Firewall Whitelisting) to the split-tunnel VPNs configuration.