Found under Settings → Organization → VPN Access, this section allows administrators to manage and distribute VPN configurations to users and devices in their organization.
Overview
The VPN Access page enables administrators to view, refresh, and distribute secure VPN configurations for their organization. Each listed peer represents a unique device or user authorized to connect to the protected Scout network.
Administrators can grant users access in two primary ways:
- QR Code: Displays a scannable configuration for the WireGuard mobile app.
- Config File: Provides a downloadable
.conffile for desktop or laptop clients.
This ensures that every user connects through an encrypted tunnel to the Scout infrastructure, maintaining a consistent layer of protection across all environments.
How It Works
Scout’s VPN service operates on isolated, tenant-specific infrastructure to ensure privacy and separation between organizations. When you open the VPN Access panel:
- The system retrieves all registered peers for your organization.
- Each entry includes the device or user name, along with available connection options (QR code or config file).
- You can view the QR code in a modal window or download the configuration file for use in a WireGuard-compatible client.
Both the QR and config file contain the same connection parameters (including public key, endpoint, and allowed IPs) providing flexibility for mobile and desktop deployment.
Why It Matters
Distributing and managing VPN access is a critical part of maintaining secure connectivity. Every device that connects through Scout’s VPN benefits from encryption, DNS filtering, and continuous monitoring.
Proper access control ensures that:
- Only approved devices can communicate over the protected network
- Traffic from all users is encrypted and inspected for threats
- Telemetry and incident data remain complete and trustworthy
By maintaining an up-to-date peer list, administrators protect against credential reuse, stale configurations, and unauthorized connections.
Tips and Best Practices
- Use QR codes for quick mobile onboarding; use Download Config for laptops or desktops.
- Regularly review your peer list and remove unused or inactive configurations.
- If a device is lost or compromised, delete its peer entry and issue a new one.
- Record changes and access actions in the Audit Log for traceability.
- Encourage users to label their peers descriptively (for example, “Alex-Laptop” or “Sales-Phone”) for easier management.
VPN configuration changes take effect immediately. Devices using outdated peer files must reconnect using the latest configuration to maintain access.