Configure the GlobalProtect App for iOS

While a third-party MDM system allows you to push configuration settings that allow access to your corporate resources and provides a mechanism for enforcing endpoint restrictions, it does not secure the connection between the mobile endpoint and the services to which it connects. To enable the app to establish secure connections, you must enable VPN support on the endpoint.
The following table describes typical settings that you can configure using your third-party MDM system:
Connection Type
Type of connection enabled by the policy.
Custom SSL
Identifier for the custom SSL VPN in reverse DNS format.
Host name or IP address of the GlobalProtect portal.
<hostname or IP address>
For example:
User account for authenticating the connection.
User Authentication
Authentication type for the connection.
Certificate | Password
(Certificate User Authentication only) Credential for authenticating the connection.
For example: clientcredial.p12
Enable VPN On Demand
(Optional) Domain and hostname that establish the connection and the on-demand action:
  • Always establish a connection
  • Never establish a connection
  • Establish a connection if needed
<domain and hostname and the on-demand action>
For example:; Never establish

Related Documentation