You need to set up a way to connect to your private network Mattermost instance, using an external proxy with encrypted transport through HTTPS and WSS network connections.
Depending on your security policies, we recommend deploying Mattermost behind a VPN and using a per-app VPN with your EMM provider, or a mobile VPN client.
Also consider deploying a mobile VPN client with multi-factor authentication (MFA) to your preferred login method, such as GitLab SSO with MFA, or run Mattermost Enterprise Edition with multi-factor authentication (MFA) enabled.
A Virtual Private Network (VPN) allows a device outside a firewall to access content inside the firewall as if it were on the same network.
Some mobile VPN options depend on the requirements of your organization and the demands and/or the needs of your users.
We also recommend following our recommended steps to secure your deployment and to review the following commonly-asked questions about data security on mobile devices:
A common approach is to use a per-app VPN. This provides a connection to the VPN when needed (on-demand). If using a per-app VPN with Mattermost, you can configure the following options:
useVPN: Mattermost waits until the connection to the VPN server is established before making any requests (otherwise they will fail). This is only supported on iOS as Android OS cannot support waiting. It still works but the first connection attempt may fail.
timeoutVPN (iOS only): How long to wait for the connection to the VPN server before trying.
Review the following commonly-asked questions about connecting through a corporate proxy server: