Deploying the TMWS Agent App on iOS/iPadOS

Deploy the TMWS Agent app onto individual iOS or iPadOS devices, or use Microsoft Intune to deploy the app to the managed mobile devices of your organization in batches for centralized device management.

Once deployed,

  • The TMWS Agent app is installed on the device.

  • A configuration profile is added to enforce the use of a PAC file for HTTP/HTTPS traffic forwarding to TMWS.

  • The TMWS certificate is deployed to the device.

  1. Go to Administration > SERVICE DEPLOYMENT > Enforcement Agent.
  2. On the Enforcement Agent page, configure the following settings:
    • Agent platform: Select iOS/iPadOS.

    • Hosted PAC file: Select a PAC file from the drop-down list.

      TMWS provides a default PAC file for use on iOS/iPadOS. The PAC files already created on the PAC Files screen are also listed. For more information on adding a PAC file, see PAC Files.


      Once selected, the PAC file will be used in the TMWS Agent app.

      If you modify the content of the selected PAC file or choose another PAC file, it will take a few minutes for the update to take effect. If there are users who encounter network connection issues because of this, instruct them to disconnect and re-connect in the TMWS Agent app.

    • Company token: Click Generate Company Token to generate a token.

      You will need this token later if you use Microsoft Intune to manage applications and devices in your organization.

  3. Choose one of the following to deploy the TMWS Agent app to the required Apple devices.
    • If you do not use Microsoft Intune for mobile device management (MDM), perform the following:

      1. Check whether your domain is already in use by another organization: go to Administration > SERVICE DEPLOYMENT > PAC Files and check whether A unique port has been assigned is displayed on the page.

        If yes, go to Administration > SERVICE DEPLOYMENT > Mobile VPN, provide the QR code under the Mobile VPN end user portal section to users, and instruct users to scan the QR code to get the user portal address.

      2. Provide the TMWS cloud root CA certificate for the users to get or download to their Apple devices.

      3. Instruct users to visit Configuring iOS/iPadOS Devices Through the TMWS Agent App for how to install and configure the TMWS Agent app on their devices.

    • If you use Microsoft Intune, perform the following:

      1. Enroll the managed iOS/iPadOS devices into Microsoft Intune.

        For more information, see the Microsoft documentation.


        Because the TMWS Agent app requires user affiliation, make sure you have enrolled the devices with user affinity.

      2. Add the TMWS Agent app to Microsoft Intune.

      3. Add an app configuration policy for the managed iOS/iPadOS devices.

      4. Add a configuration profile for the managed iOS/iPadOS devices.

      5. Configure the TMWS Agent app on the managed iOS/iPadOS devices.