If you wish to configure VPN connection only for selected apps in iOS you can use per-App VPN feature. This option is included in iOS general profile configuration. You can find it in ADVANCED > Config Center > Configurations tab.

Add new configuration or select existing one and select from the menu iOS general profile configuration. You have many possibilities to configure iOS settings here, but the option that you’re looking for is VPN configuration. Click Add item and configure VPN connection.

Depending on the protocol you choose, some settings may vary. Per-App VPN is available for following protocols:

  • Cisco AnyConnect

  • Pulse Secure

  • F5 SSL

  • Check Point Mobile

  • Aruba VIA

  • SonicWALL Mobile Connect

  • IKEv2

  • Custom SSL

NOTE: In order for the connection to work properly, you should download the appropriate VPN client from the store.

To force certain apps to connect through VPN select Yes from the drop-down menu.

Click Add item and provide the Application bundle ID. You can also select to start a VPN connection automatically (silently, without the user's confirmation) or manually (requires user’s confirmation).

NOTE: Usual bundle ID is com.CompanyName.AppName e.g. com.apple.AppStore. Bundle IDs are case sensitive.

For several protocols additional features are available:


Available for:

Tunnel the traffic at

Cisco AnyConnect


Safari web domains

(triggers VPN for chosen domains) 


Once the connection is properly configured click Save and implement it in your iOS policy.