Deploy the GlobalProtect Mobile App Using Workspace ONE
You can deploy the GlobalProtect app to managed endpoints that are enrolled with Workspace ONE.
Endpoints running iOS or Android must download the Workspace ONE agent to enroll
with the Workspace ONE MDM. Windows 10 endpoints do not require the Workspace ONE
agent but require you to configure enrollment on the endpoint. After you deploy the
app, configure and deploy a VPN profile to set up the GlobalProtect app for end
. If you searched for the app in the
endpoint app store, you must also
from a list of search results, and then
to configure deployment options.
If you searched for the GlobalProtect app for Android and did not
see the app in the list, contact your Android for Work
administrator to add GlobalProtect to the list of approved
company apps or use the app URL in the Google Play Store.
Configure deployment options for the GlobalProtect app:
If you added the app previously but did
not assign the app to any Smart Groups, select the GlobalProtect link from
the list of apps (
). In the Details View, select
tab, specify the following
for the assignment.
Select one or more
will have access to the GlobalProtect app.
App Delivery Method
, which pushes the app to the
device automatically, or
deploys the app when needed.
GlobalProtect App for iOS or Android only
) On the
tab, enable the
application configuration to use the UDID to identify the
and specify the settings in
the application configuration that are relevant for your
—IP address or fully
qualified domain name (FQDN) of the portal.
—Username for portal
—Password for portal
certificate for portal authentication.
—Passphrase for the client
—Begin the string with
by a colon, and follow it with an array of app names
separated by semicolons. The block list or allow
list enables you to control which application
traffic can go through the VPN tunnel in a per-app
VPN configuration (for example,