Introduction
This document describes how to configure Cisco Secure Client to automatically accept VPN and SEULA prompts to manage pop-ups.
Overview
You can configure Cisco Secure Client to launch automatically and accept essential VPN and SEULA (Software End User License Agreement) pop-up prompts without user interaction on Android devices using MDM solutions such as Cisco Meraki and Microsoft Intune. By enabling Always-On VPN and setting the SEULA acceptance property in your MDM, you eliminate the need for users to respond to VPN connection and SEULA pop-ups during initial deployment.
Settings Impacting Initial Launch
- VPN Connection Request for Umbrella:
  - The device must accept a connection request for Umbrella protection to start.
  - You can auto-accept this by enabling Always-On VPN in your MDM configuration.

- SEULA Acceptance:
  - The SEULA agreement must be accepted for the app to function.
  - Set the accept_seula_for_user property key to true in the Managed App Configuration in your MDM.

Configure Auto-Accept in Cisco Meraki MDM
Complete these steps for a fresh Android installation:
- Configure and deploy the Cisco Secure Client application in your MDM.
- Enable Always-On VPN in MDM settings (do not enable Lockdown).
  - If Lockdown cannot be disabled, Always-On VPN must also be turned off.
- Push the Cisco Secure Client configuration properties to the application.
- Verify installation and the VPN connection status (look for the key icon in the notification panel).
- Test access to blocked websites to confirm Umbrella policy enforcement. Use a browser within the work profile for testing.
  - Enable "Always-On VPN for Umbrella protection only" by setting the vpn_always_on_umbrella_only property.
  - Use this setting if Umbrella is your only VPN.
  - If using other VPNs, enable "VPN Always On" without restricting to Umbrella.
  - Enable accept_seula_for_user to auto-accept the SEULA agreement. This is independent of the Always-On VPN setting.


Important: If you launch the app before pushing the Always-On VPN configuration, the VPN connection request pop-up will still appear. Ensure Always-On VPN is configured and pushed before first launch to prevent this.
Configure Auto-Accept in Microsoft Intune
- Create a VPN profile and a device restrictions profile with the Always-On VPN setting enabled.
- Assign these profiles to your target groups.
- Select a VPN client that supports Always-On. You can choose either "Cisco AnyConnect" or specify a "Custom" client by entering the package ID of the app in the Google Play store as "com.cisco.anyconnect.vpn.android.avf" (Cisco AnyConnect VPN application specifically for Android devices).
- Set the SEULA acceptance property and Always-On VPN.
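
A pre-rollout check of the settings described above for both Meraki and Intune, as an added example that is not Cisco's code or part of the original page. It assumes the app configuration is exported as Android Enterprise style JSON with a managedProperty array; the function names and the always_on, lockdown, other_vpns and launched_before_push inputs are hypothetical values the administrator supplies.

```python
import json

SEULA_KEY = "accept_seula_for_user"                # key named on the page
UMBRELLA_ONLY_KEY = "vpn_always_on_umbrella_only"  # key named on the page

def managed_properties(config_json):
    """Flatten an exported app configuration into {key: value}.
    Assumed layout: {"managedProperty": [{"key": ..., "valueBool": ...}, ...]}."""
    props = {}
    for entry in json.loads(config_json).get("managedProperty", []):
        # The value field name carries the type (valueBool, valueString, ...).
        props[entry["key"]] = next(
            (v for k, v in entry.items() if k.startswith("value")), None)
    return props

def check_deployment(config_json, always_on, lockdown, other_vpns, launched_before_push):
    """Return (code, message) findings; an empty list means nothing conflicts
    with the rules stated on the page."""
    props = managed_properties(config_json)
    findings = []
    # Strict on purpose: a string "true" is flagged so the value type gets reviewed.
    if props.get(SEULA_KEY) is not True:
        findings.append(("SEULA", f"{SEULA_KEY} is not boolean true"))
    if not always_on:
        findings.append(("ALWAYS_ON", "Always-On VPN is off; the VPN request is not auto-accepted"))
    elif lockdown:
        findings.append(("LOCKDOWN", "Lockdown is enabled together with Always-On VPN"))
    if props.get(UMBRELLA_ONLY_KEY) is True and other_vpns:
        findings.append(("UMBRELLA_ONLY", f"{UMBRELLA_ONLY_KEY} is set but other VPNs are in use"))
    if launched_before_push:
        findings.append(("ORDER", "App launched before the Always-On VPN configuration was pushed"))
    return findings

# Constructed sample exports (not taken from a real tenant).
SAMPLE_GOOD = json.dumps({"managedProperty": [
    {"key": SEULA_KEY, "valueBool": True},
    {"key": UMBRELLA_ONLY_KEY, "valueBool": True}]})
SAMPLE_BAD = json.dumps({"managedProperty": [
    {"key": SEULA_KEY, "valueString": "true"},
    {"key": UMBRELLA_ONLY_KEY, "valueBool": True}]})

if __name__ == "__main__":
    for code, msg in check_deployment(SAMPLE_BAD, True, True, True, True):
        print(f"[{code}] {msg}")
```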


