Consider mobile VPN options

plans-img Available on all plans

deployment-img Cloud and self-hosted deployments

Connect to your private network Mattermost instance

You need to set up a way to connect to your private network Mattermost instance, using an external proxy with encrypted transport through HTTPS and WSS network connections.

Depending on your security policies, we recommend deploying Mattermost behind a VPN and using a per-app VPN with your EMM provider, or a mobile VPN client.

Also consider deploying a mobile VPN client with multi-factor authentication (MFA) to your preferred login method, such as GitLab SSO with MFA, or run Mattermost Enterprise Edition with multi-factor authentication (MFA) enabled.

Mobile VPN options

A Virtual Private Network (VPN) allows a device outside a firewall to access content inside the firewall as if it were on the same network.

Note

Some mobile VPN options depend on the requirements of your organization and the demands and/or the needs of your users.

We recommend one of two options: per-app VPN or a device VPN to secure your deployment. Both options are compatible with most EMM providers.

We also recommend you review the following commonly-asked questions about data security on mobile devices:

Per-app VPN

A common approach is to use a per-app VPN. This provides a connection to the VPN when needed (on-demand). If using a per-app VPN with Mattermost, you can configure the following options:

  • useVPN: Mattermost waits until the connection to the VPN server is established before making any requests (otherwise they will fail). This is only supported on iOS as Android OS cannot support waiting. It still works but the first connection attempt may fail.

  • timeoutVPN (iOS only): How long to wait for the connection to the VPN server before trying.

Device VPN

With this option, all internet traffic routes through the VPN specified in the profile. This could cause issues for personal applications.

Connect via corporate proxy server

Review the following commonly-asked questions about connecting through a corporate proxy server: