Is anyone aware whether there are any differences in the per-app VPN behavior when an app utilizes WKWebView vs SFSafariViewController libraries?
Full disclosure, I'm not an iOS developer, but trying to understand the behavior to understand the limitations we may have in developing practical solutions.
We frequently run into the business requirement to limit access to a specific 3rd party (SaaS) resource only via the SaaS's native iOS application, so we deploy the app via MDM with an attached per-app VPN policy. The browser-based authentication flow in the app occasionally seems to bypass the attached per-app VPN configuration, however if we use the Per-App VPN "Safari URLs" setting, the traffic will be passed over the VPN.
Does this behavior (bypassing per-app VPN policy) relate to which of these web libraries are used? We do not want to share authentication tokens with the system's Safari browser.