User Configuration Profiles

User Configuration Profiles allows you to create profiles with custom settings and apply them to member groups and devices.

Adding a Configuration Profile

  1. Access the Harmony SASE Administrator Portal and click Team > User Profiles.

  2. Click Add Configuration Profile.

  3. In the Profile Name field, enter a name for the profile.

  4. (Optional) In the Description field, enter a description for the profile.

  5. In the Assigned to field, select the member groups.

  6. Configure Web Platform Configuration and Agent Configuration.

  7. Click Add Profile.

The order of the profile indicates its priority. For example, Profile #1 has higher priority than Profile #2.

Web Platform Configuration

The Web Platform Configuration settings allow administrators to configure settings for the Harmony SASE Administrator Portal.

General Configuration

In the Automatically log out web platform after field, enter the duration after which the system automatically logs out the member from the Harmony SASE Administrator Portal. The supported duration is one hour to 60 days.

Agent Configuration

The Agent Configuration settings allow administrators to configure settings for the Harmony SASE Agent.

General Configuration

From the General Configuration section of the Agent Configuration, you can configure the basic settings for your Harmony SASE Agent.



Disable Sign-Out

Prevents members from signing out of the Harmony SASE Agent without the sign-out code.

The administrator must generate the sign-out code and share it with the member so that the member can sign out of the Harmony SASE Agent. See Generating Sign-Out Code.

Automatically Log Out Agent After

Logs out the member from the Harmony SASE Agent automatically after the specified duration. The supported duration is one hour to 180 days.

[DEPRECATED] Shared Network

Allows members to connect to shared Harmony SASE gateways. This enhances speed and performance if the member's physical location is far from your private gateway location.

For more information about shared networks, see [DEPRECATED] Shared Gateways.

Connect on Launch

Automatically starts the Harmony SASE Agent when the device starts and connects to the most recent network location.


  • This setting applies only to Windows and macOS devices.

  • The member can modify this setting from their device.

Connect / Disconnect Notification

Shows a pop-up notification on the device when the Harmony SASE Agent connection status changes.


  • This setting applies only to Windows and macOS devices.

  • The member can modify this setting from their device.

Snowplow Report

Allows you to send the Snowplow (user tracking) data to Harmony SASE.

Agent Upgrades

Agent Upgrades allows you to control how to perform Harmony SASE Agent upgrades when new versions are released.

To control how Harmony SASE Agent upgrades are performed:

  1. Go to Team > User Profiles.

  2. Open a user profile with the required group of members or create a new user profile. See Adding a Configuration Profile.

  3. Scroll down to the Agent Upgrades section.

  4. Select the option required for Windows, Mac, and Linux.

    • Automatic Silent: Automatically upgrades the Harmony SASE Agent when a new version is available.

    • Notify Users: Notifies the user about the new version.

    • Disabled: Does not upgrade the Harmony SASE Agent.

  5. To automatically upgrade the Harmony SASE Agent while notifying the member, turn on the Enforce updates when notifying users toggle button.

  6. Click Apply.

Network Configuration

Network Configuration allows you to configure the network settings for your Harmony SASE Agent.



Automatic VPN Connection 1

Automatically connects to the VPN when an internet connection is available.


Always-On VPN

Automatically connects to the VPN when an internet connection is available.

Kill Switch 1

Automatically disconnects the internet connection when the VPN disconnects.

Trusted Routers (Always-On Exceptions) 1, 2

Bypasses Harmony SASE VPN if you have a trusted router and connects directly to your network.

To add trusted routers:

  1. Click Add Trusted Router.

  2. In the Name field, enter the router name.

  3. In the Router MAC Address field, enter the router MAC address.

  4. Click Add.

  5. To add multiple routers, repeat steps 1 to 4.

  6. Click Apply.

Automatic Wi-Fi Security 1

The Harmony SASE Agent automatically connects to Harmony SASE VPN if the device connects to an unsecured Wi-Fi.

Trusted Wireless Networks (Automatic Wi-Fi Security Exceptions) 2

Harmony SASE Agent does not enable Automatic Wi-Fi Security if the device connects to a trusted Wi-Fi network.

To add a trusted Wi-Fi network:

  1. Click Add Wi-Fi Network.

  2. In the Name field, enter the SSID of the network.

  3. Click Add.

  4. To add multiple trusted Wi-Fi networks, repeat steps 1 to 3.

  5. Click Apply.

1 The member can modify this setting on their device.

2 This setting applies only to Windows and macOS devices.
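A pre-change review of a planned profile against the limits and footnotes stated on this page, as an added example that is not Check Point code and does not use any Harmony SASE API or export format. The dictionary layout, its key names and the accepted MAC notation are assumptions of this example.

```python
import re

# Limits stated on this page, in hours (web portal: 60 days, agent: 180 days).
LIMITS = {"web_logout_hours": (1, 60 * 24), "agent_logout_hours": (1, 180 * 24)}
# Settings this page marks with footnote 1: the member can change them on the device.
MEMBER_MODIFIABLE = ("automatic_vpn_connection", "automatic_wifi_security", "kill_switch", "trusted_routers")
# Assumed MAC notation: six hex pairs joined by one consistent ':' or '-' separator.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(\1[0-9A-Fa-f]{2}){4}$")
# Constructed sample plan; the key names are this example's own, not a product format.
SAMPLE_PLAN = {
    "web_logout_hours": 24 * 90,  # 90 days, above the 60-day portal limit
    "agent_logout_hours": 24 * 30,
    "always_on_vpn": True,
    "kill_switch": True,
    "trusted_routers": [
        {"name": "HQ core", "mac": "00-1A-2B-3C-4D-5E"},
        {"name": "HQ spare", "mac": "00:1a:2b:3c:4d:5e"},  # same router, other notation
        {"name": "Branch", "mac": "001A.2B3C.4D5F"},  # notation this check rejects
    ],
    "agent_upgrades": {"Windows": "Automatic Silent", "Mac": "Notify Users", "Linux": "Disabled"},
}


def review_profile(plan):
    """Return review findings for a planned profile, as a list of strings."""
    findings = []
    for key, (low, high) in LIMITS.items():
        value = plan.get(key)
        if value is not None and not low <= value <= high:
            findings.append(f"{key}={value} is outside the supported {low}-{high} hours")
    seen = set()
    for router in plan.get("trusted_routers", []):
        name, mac = router["name"], router["mac"].strip()
        if not MAC_RE.match(mac):
            findings.append(f"trusted router {name!r}: malformed MAC {mac!r}")
            continue
        norm = mac.lower().replace("-", ":")  # compare entries in one notation
        if norm in seen:
            findings.append(f"trusted router {name!r}: duplicate MAC {norm}")
        seen.add(norm)
    if plan.get("always_on_vpn") and seen:
        findings.append(f"{len(seen)} trusted router(s) bypass the VPN despite Always-On VPN")
    findings += [f"{s}: the member can modify this on the device"
                 for s in MEMBER_MODIFIABLE if plan.get(s)]
    findings += [f"agent upgrades are disabled on {os_name}"
                 for os_name, mode in plan.get("agent_upgrades", {}).items() if mode == "Disabled"]
    return findings

if __name__ == "__main__":
    print("\n".join(review_profile(SAMPLE_PLAN)))
```
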


Windows

Allows you to define the settings for Windows devices running the Harmony SASE Agent.

To configure the default protocol:

  1. Click the drop-down next to Default Protocol.

  2. Select the protocol:

    • WireGuard

    • OpenVPN

  3. Click Apply.

Use VPN Interface DNS

Sets the device DNS server as the Harmony SASE server. The agent uses this DNS server for DNS requests specified on the VPN network interface.

If this is disabled, then the DNS resolver is set to the DNS used by your local adapter. This is useful if you use other DNS providers.

Note - The member can modify this setting on their device.

Notify Reconnect

The Harmony SASE Agent automatically notifies upon reconnecting with the network.

Note - The member can modify this setting on their device.

Android / Chromebook

From the Android / Chromebook settings, the administrators can control the settings for the Harmony SASE Agent running on Android or Chromebook devices.

Default Protocol

To configure the default protocol:

  1. Click the drop-down next to Default Protocol.

  2. Select the protocol:

    • WireGuard

    • OpenVPN

  3. Click Apply.


Mac

From the Mac settings, the administrators can control the settings for the Harmony SASE Agent running on macOS.

To configure the default protocol:

  1. Click the drop-down next to Default Protocol.

  2. Select the protocol:

    • WireGuard

    • OpenVPN

  3. Click Apply.

Use VPN Interface DNS

Sets the device DNS server as the Harmony SASE server. The agent uses this DNS server for DNS requests specified on the VPN network interface.

If this is disabled, then the DNS resolver is set to the DNS used by your local adapter. This is useful if you use other DNS providers.

Note - The member can modify this setting on their device.


iOS

From the iOS settings, the administrators can control the settings for the Harmony SASE Agent running on iOS devices.

Auto Reconnect

Automatically reconnects all the iOS agents to the VPN if the session disconnects or the device connects to Wi-Fi or 3G networks that do not require login credentials.

Note - The member can modify this setting on their device.

Trusted Environment