Configure the Azure VPN Client - Azure AD authentication - macOS

This article helps you configure a VPN client for a computer running macOS 10.15 and later to connect to a virtual network using Point-to-Site VPN and Azure Active Directory authentication. Before you can connect and authenticate using Azure AD, you must first configure your Azure AD tenant. For more information, see Configure an Azure AD tenant. For more information about Point-to-Site connections, see About Point-to-Site connections.

Note

  • Azure AD authentication is supported only for OpenVPN® protocol connections and requires the Azure VPN Client.
  • The Azure VPN client for macOS is currently not available in France and China due to local regulations and requirements.

For every computer that you want to connect to a VNet using a Point-to-Site VPN connection, you need to do the following:

  • Download the Azure VPN Client to the computer.
  • Configure a client profile that contains the VPN settings.

If you want to configure multiple computers, you can create a client profile on one computer, export it, and then import it to other computers.

Prerequisites

Before you can connect and authenticate using Azure AD, you must first configure your Azure AD tenant. For more information, see Configure an Azure AD tenant.

Download the Azure VPN Client

  1. Download the Azure VPN Client from the Apple Store.
  2. Install the client on your computer.

Generate VPN client profile configuration files

  1. To generate the VPN client profile configuration package, see Working with P2S VPN client profile files.
  2. Download and extract the VPN client profile configuration files.

Import VPN client profile configuration files

  1. On the Azure VPN Client page, select Import.

    Screenshot of Azure VPN Client import selection.

  2. Navigate to the profile file that you want to import, select it, then click Open.

    Screenshot of Azure VPN Client import clicking open.

  3. View the connection profile information. Change the Certificate Information value to show DigiCert Global Root G2, rather than the default or blank, then click Save.

    Screenshot of Azure VPN Client saving the imported profile settings.

  4. In the VPN connections pane, select the connection profile that you saved. Then, click Connect.

    Screenshot of Azure VPN Client clicking Connect.

  5. Once connected, the status will change to Connected. To disconnect from the session, click Disconnect.

    Screenshot of Azure VPN Client connected status and disconnect button.

To create a connection manually

  1. Open the Azure VPN Client. Select Add to create a new connection.

    Screenshot of Azure VPN Client selecting Add.

  2. On the Azure VPN Client page, you can configure the profile settings. Change the Certificate Information value to show DigiCert Global Root G2, rather than the default or blank, then click Save.

    Screenshot of Azure VPN Client profile settings.

    Configure the following settings:

    • Connection Name: The name by which you want to refer to the connection profile.
    • VPN Server: The name that you want to use to refer to the server. The name you choose here does not need to be the formal name of a server.
    • Server Validation
      • Certificate Information: The certificate CA.
      • Server Secret: The server secret.
    • Client Authentication
      • Authentication Type: Azure Active Directory
      • Tenant: Name of the tenant.
      • Issuer: Name of the issuer.

  3. After filling in the fields, click Save.

  4. In the VPN connections pane, select the connection profile that you configured. Then, click Connect.

    Screenshot of Azure VPN Client connecting.

  5. Using your credentials, sign in to connect.

    Screenshot of Azure VPN Client sign in to connect.

  6. Once connected, you will see the Connected status. When you want to disconnect, click Disconnect.

    Screenshot of Azure VPN Client connected and disconnect button.

To remove a VPN connection profile

You can remove the VPN connection profile from your computer.

  1. Navigate to the Azure VPN Client.

  2. Select the VPN connection that you want to remove, click the dropdown, and select Remove.

    Screenshot of remove.

  3. On the Remove VPN connection? box, click Remove.

    Screenshot of removing.

Optional Azure VPN Client configuration settings

You can configure the Azure VPN Client with optional configuration settings such as additional DNS servers, custom DNS, forced tunneling, custom routes, and other additional settings. For a description of the available optional settings and configuration steps, see Azure VPN Client optional settings.

Next steps

For more information, see Create an Azure AD tenant for P2S Open VPN connections that use Azure AD authentication.