Commonwealth VPN Eligibility and Requirements

You are enrolled in Multi-Factor Authentication (MFA)

In order to use the Commonwealth VPN, you must be enrolled in MFA.  Click here for instructions on how to enroll in MFA.

You have been provisioned with the new VPN client

Once the requested VPN has been provisioned, your agency will notify you that you have been given a VPN. If you download the VPN client and are unable to log in, you may need to wait until the VPN has been provisioned for you.

You have a Commonwealth-issued device, a Windows 10 personal device, or a Mac*

Windows 10 devices are required for VPN connections from personal devices to Commonwealth applications and services.

1. EOTSS prohibits the use of Windows 7 or older personal devices because Microsoft no longer provides support or security patches for the older operating system.  Commonwealth-issued devices running Windows 7 are still allowed because EOTSS has purchased extended maintenance and support to cover these devices.
2. *If you have a Mac: For instructions on how to download and install VPN on a Mac, please see Instructions for VPN client install BYOD Mac devices.

You have Local Admin Rights

If you are using a Commonwealth-issued computer, please contact your agency IT service desk for more information. If you are using your personal device, you likely already have local administrator rights.

You have internet access

All users must have an internet connection—e.g., commercial or residential DSL, cable, fios, public kiosk service, public wifi internet, or other internet service.  

You have an EOTSS-supported internet browser

To use the Commonwealth VPN, you are required to use an EOTSS-supported Web browser such as MS Internet Explorer 11, Google Chrome and Firefox. 

Designated Security Officers (DSOs) are designated for every agency utilizing the Commonwealth VPN; only those authorized individuals may request VPN access on behalf of their agency users.  If you do not know who your agency's authorized Security Requester is, please reach out to your agency help desk.

For more information on Designated Security Officers (DSOs), please visit our Designated Security Officers (DSOs) page.

The Commonwealth VPN service is only available to Commonwealth of Massachusetts agencies and their authorized business partners.  The Commonwealth VPN service is available to perform business-related functions and is prohibited for personal use.  Authorized business partners should reach out to the agency's authorized Security Requester to request access to the Commonwealth VPN.