Account per VPN

I hope I am in the right place. I have a question about "account via VPN" for my mobileconfig. I found this link on the internet (

Account via VPN is advertised. However, I can not find anything in the VPN Payload Developer Guide. Also I can not find anything on the Internet. I find only App per VPN.

But what about "Account via VPN"? ( does anyone know where I can find the VPN Payload? or does anyone have a piece of code please?

Thanks a lot

Best Regards
Post not yet marked as solved Up vote post of Vetozzz Down vote post of Vetozzz


To set up per-account VPN you install (at least) two payloads. The first is an app layer VPN payload which is documented here. This payload sets up the VPN configuration and assigns is a VPNUUID. The second payload is any of the account payloads, such as an Exchange ActiveSync payload, Mail payload, or CalDAV payload. These account payloads also have a VPNUUID key. If the VPNUUID key of an account payload matches the VPNUUID of an app layer VPN payload, network traffic for that account is routed through that VPN.
  • Hi, I wonder if there is a similar functionality for macOS. I see that macOS account configurations (in this case, ExchangeWebServices) lack VPN UUID.

Add a Comment
Per-account-VPN follows the same concept as Per-App-VPN : you deploy an app-layer-vpn profile (which looks very similar to a VPN payload), and you use VPNUUID key to refer to it (in the profile payload for the service, in the Attributes section of the application - see - for Apps).