Overview
You can configure the Cisco Secure Client to automatically launch on managed Android devices in your organization through your MDM. During the initial deployment of the client, users will be prompted with a series of pop-up windows to accept the app's configuration on their device. In this article, we explain how to auto-accept the VPN connection for Umbrella and SEULA (Software End User License Agreement) requests within MDMs such as Cisco Meraki and Microsoft Intune, eliminating the need for user intervention.
Note: In this article, we explain how to deploy the Cisco Secure Client on Android devices using zero-touch deployment in Workspace One.
Which settings are impacting the initial launch of the application?
1) VPN Connection Request for Umbrella: You must accept the connection request by clicking “OK” for the Umbrella protection to start upon opening the app. You can have the device accept the VPN connection request for Umbrella automatically by enabling the Always-on VPN settings in your MDM.
2) SEULA (Software End User License Agreement): You can automatically accept the SEULA agreement on the device by setting the accept_seula_for_user property key to true in the Managed App Configuration within the MDM.
Enabling auto-accept for VPN and SEULA pop-up requests with Cisco Meraki MDM
These are the steps you should take for an Android OS fresh installation:
- Configure the Cisco Secure Client application in MDM and deploy it to the device.
- Enable "Always-On VPN" through MDM settings without enabling "Lockdown". If "Lockdown" cannot be disabled, then "Always On VPN" should also be turned off. Otherwise, the applications will not load properly.
- Push the Cisco Secure Client configuration properties to the application.
- Verify installation and running status of Cisco Secure Client (You can verify that the key icon is displayed in the notification panel for the VPN session created by the Secure Client).
- Test blocked website access to confirm proper functionality. Ensure you're using a work profile browser, because the client won't touch non-work browser applications. If needed, deploy the Chrome application within your work profile for testing purposes.
MDM configurations can auto-accept VPN and SEULA requests without user interaction. See the screenshots below for steps in Cisco Meraki MDM.
"Enable Always-On VPN for Umbrella protection only" can be set as shown in the screenshot below. If you exclusively use Umbrella for VPN and do not utilize any other VPN services on your Android device, configure "vpn_always_on_umbrella_only" to ensure the VPN is always active specifically for Umbrella. However, if you use other VPNs as well, you should still enable "VPN Always On" but not restrict it to Umbrella only.
Enabling the "accept_seula_for_user" property in the Cisco Secure Client's managed configuration allows for auto-acceptance of the SEULA agreement. This setting is independent of the "Always-On VPN" configuration.
The application installs seamlessly without requiring users to accept the VPN connection requests or SEULA pop-ups.
Important note: If the application is launched prior to configuring and pushing "Always-On VPN" to the device, you will still get the VPN connection request pop-up. Pushing the "Always-On VPN" configuration afterward via MDM will not prevent this pop-up from appearing. However, SEULA will be auto-accepted and websites will remain blocked according to policy configurations.
Configuring Microsoft Intune MDM to Manage Pop-ups Automatically
- Always-on VPN (work profile level): Enable sets the VPN client to automatically connect and reconnect to the VPN. Always-on VPN connections stay connected or immediately connect when users lock their device, the device restarts, or the wireless network changes.
- VPN client: Choose a VPN client that supports Always On. You have the option to choose either "Cisco AnyConnect" or specify a "Custom" client by entering the package ID of the app in the Google Play store as "com.cisco.anyconnect.vpn.android.avf" (Cisco AnyConnect VPN application specifically for Android devices).
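The rules above (SEULA key set to true, Always-On VPN on, Lockdown off, Umbrella-only restriction only when no other VPN is used) can be checked before a profile is pushed. The following is an added example, not Cisco's or Intune's own tooling: the JSON layout and boolean value types of the sample managed configuration are assumptions, and the `vpn_profile` dictionary with its field names is hypothetical.

```python
import json

PACKAGE_ID = "com.cisco.anyconnect.vpn.android.avf"  # package ID given in the article

# Constructed sample, laid out like an Android Enterprise managed configuration
# in an MDM JSON editor (layout and boolean value types are assumptions).
SAMPLE_APP_CONFIG = """
{
  "kind": "androidenterprise#managedConfiguration",
  "productId": "app:com.cisco.anyconnect.vpn.android.avf",
  "managedProperty": [
    {"key": "accept_seula_for_user", "valueBool": true},
    {"key": "vpn_always_on_umbrella_only", "valueBool": true}
  ]
}
"""

def lint_deployment(app_config_json, vpn_profile):
    """Return a list of findings; an empty list means the article's rules hold.

    vpn_profile is a hypothetical dict with the keys
    always_on, lockdown and other_vpns_in_use.
    """
    cfg = json.loads(app_config_json)
    props = {p.get("key"): p.get("valueBool") for p in cfg.get("managedProperty", [])}
    findings = []
    if cfg.get("productId") != "app:" + PACKAGE_ID:
        findings.append("config does not target " + PACKAGE_ID)
    # SEULA auto-accept is independent of the Always-On VPN setting.
    if props.get("accept_seula_for_user") is not True:
        findings.append("accept_seula_for_user is not true: SEULA prompt will appear")
    if not vpn_profile.get("always_on"):
        findings.append("Always-On VPN is off: VPN connection request will appear")
    elif vpn_profile.get("lockdown"):
        findings.append("Lockdown is enabled with Always-On VPN: applications will not load properly")
    # The Umbrella-only restriction is meant for devices with no other VPN service.
    if props.get("vpn_always_on_umbrella_only") and vpn_profile.get("other_vpns_in_use"):
        findings.append("vpn_always_on_umbrella_only is set but other VPNs are in use")
    return findings

if __name__ == "__main__":
    for profile in ({"always_on": True, "lockdown": False},
                    {"always_on": True, "lockdown": True, "other_vpns_in_use": True}):
        print(profile, "->", lint_deployment(SAMPLE_APP_CONFIG, profile) or "OK")
```

The check cannot see whether the app was launched before Always-On VPN reached the device, so the ordering caveat in the important note still has to be handled in the rollout sequence.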