Log in links for this page

This page, Commonwealth VPN FAQs, is part of
This page, Commonwealth VPN FAQs, is offered by

Commonwealth VPN FAQs

This page addresses FAQs (frequently asked questions) about Commonwealth VPN, including the requirement for MFA, how to update an old VPN client, and how to determine if you are using VPN to connect to the Commonwealth network.

Table of Contents

What is the difference between MFA and VPN?

Multi-factor authentication (MFA) is a security mechanism that verifies a user's identity by requiring multiple credentials.  A virtual private network (VPN) establishes an encrypted tunnel for data to be securely transmitted so that remote users can communicate confidentially over a public network (the internet).

In other words, MFA verifies the identity of the user, and VPN sets up a secure way for the user to talk to the Commonwealth network.

Additional Resources

What is Multi-factor Authentication (MFA)?

Multi-factor authentication (MFA) is a security mechanism that verifies a user's identity by requiring multiple credentials (something the user knows or has (password), and something the user doesn’t know or have (code sent via email/text/call/application/security token).

Typical examples of multi-factor authentication:

  • A user enters a password and a code received via text message
  • A user types in a code on their phone after receiving a phone call for authentication
  • A user enters a password and a code from an authenticator application

Additional Resources

Why do I need MFA?

Passwords are becoming increasingly vulnerable to hacking. In addition, new technology and recycled passwords for multiple accounts means information online can easily be compromised.   MFA is an important part of our efforts to keep the Commonwealth’s information and assets safe and secure, by making it more difficult for attackers to access our systems with login credentials obtained by phishing, guessing, or theft. You must be enrolled in MFA in order to use VPN.

Additional Resources

What are my options for setting up MFA?

There are three options available for MFA: text message, smart phone application (Google or Microsoft authenticator), and phone call.

Additional Resources

How long should it take me to set up MFA?

It should take approximately 5-10 minutes from start to finish.

Additional Resources

Is MFA required in order to use the Commonwealth VPN?

Yes.  Click here for more information on MFA, including how to enroll and install.

Additional Resources

What is a Virtual Private Network (VPN)?

A Virtual Private Network (VPN) enables remote users to communicate securely and confidentially over a public network (i.e. internet) to protected resources within the Commonwealth of Massachusetts and its Wide-Area-Network (MAGNET).  Remote Access VPN establishes an encrypted tunnel for all data to be securely transmitted so that remote users can communicate confidentially over a public network—i.e., the Internet. 

Additional Resources

What Commonwealth tools can be accessed without a VPN connection?

Additional Resources

Why would I need a VPN connection?

A VPN connection is required in order to access certain Commonwealth applications and services while you are not connected to the Commonwealth network.  Users may require a VPN connection in order to access the MMARS application, network or group shares, or other Commonwealth applications or services that are not publicly accessible.  IT application support staff, developers, and/or other IT personnel/administrators may require a VPN connection to access services that reside in the Commonwealth datacenter.

Additional Resources

How do I know if I am using a VPN to connect to Commonwealth applications and services?

Anyone who needs a VPN connection to access Commonwealth applications and services will already have a version of the Pulse Secure client installed on their laptop.  Those users need to initiate the Pulse Secure VPN client before they are able to access Commonwealth applications and services. 

Additional Resources

How do I know if I am using the Verizon VPN client or the Commonwealth VPN client?

Section 2 of the instructions provided below describes how you can tell if the Verizon VPN client is installed on your PC.  Basically, if the Verizon VPN client is installed on your PC, you will see “Pulse Secure 5.1” in the list of Apps and Features.  The Commonwealth VPN client is version 9.1.xxx.

Instructions can be found here.

Additional Resources

What do I do if I am still using the Verizon VPN client?

If you are currently using the Verizon VPN client, you must set up the Commonwealth VPN client by June 30, 2020.  After June 30, 2020, you will no longer be able to connect to Commonwealth applications and services using the Verizon VPN platform.
If you are already using the Commonwealth VPN client, no action needs to be taken.

If you are currently using the Verizon VPN platform, your account has already been migrated and you must complete the process by installing the Commonwealth VPN client.

Commonwealth-issued devices:

If you are using a Commonwealth-issued device, you will complete the installation via Software Center.  Instructions can be found here.

If you are using a Commonwealth-issued device but you do NOT have/are unable to find Software Center, please reach out to the EOTSS End User Service Desk for assistance.

All other devices:

If you are using a personal or “BYOD” device, please follow the instructions found in the Mass Telework Knowledge Base:

Additional Resources

How do I use the Commonwealth VPN client?

First time using Commonwealth VPN?  Click here for more information on how to use the Commonwealth VPN platform, including how to log in, best practices and limitations.

Additional Resources

Is the Commonwealth VPN client available for Windows 7 PCs?

Only if the device is Commonwealth-issued.  Personal and “BYOD” devices must be running either Windows 10 or Mac OS 10.14 (Mojave) or 10.15 (Catalina). Click the link above for more information on personal and “BYOD” device requirements.

Additional Resources

I’m a non-Commonwealth employee. Why does my wifi disconnect when I am using the Commonwealth VPN?

It doesn’t – it just looks that way! For security reasons, non-Commonwealth employees using the Commonwealth VPN are not allowed to access the internet while connected to the Commonwealth VPN – this is why your PC shows as disconnected while using VPN.  However, your PC is still connected to wifi – your PC needs an internet connection in order to initiate and maintain a VPN tunnel back to the Commonwealth network.  You should disconnect from the Commonwealth VPN if you need to access internet-based applications and services; you may reconnect once you are ready to access the Commonwealth network.

I do not see a designated employee group for my Secretariat/Agency. Do I need one?

Not necessarily.  Unless you have a user or group of users whose needs are not met through the general employee group, your users should be added to the general employee VPN group.

Additional Resources

The error "Unable to launch application..." pops up when trying to open Pulse. What does this mean?

"Unable to launch application – You do not have access to this application or this application has been removed."

This means one of two things: either Pulse is attempting to log in with bad stored credentials (when this happens, you are NOT prompted to enter log in information), or you do not have the correct VPN Role assigned to your account in the iDaptive/Centrify admin portal.

The section “COMMON ERRORS and how to troubleshoot” of the instructions provided below describes how you can troubleshoot.  Basically, open Internet Explorer, navigate to the “General” tab under Tools -> Internet options.  Click Delete” under browser history, uncheck “Preserve Favorites website data”, then click “Delete”.  Close all internet browsers and the Pulse Secure client.  You should now be prompted to log in when you open Pulse Secure.

If clearing your browsing history does not work, please reach out to the EOTSS End User Service Desk to resolve this issue.

Instructions can be found here.

How do I get help?

For more information on VPN, check out our Commonwealth VPN service page on mass.gov. 

For more information on MFA, check out the EOTSS MFA FAQ page on mass.gov.

The EOTSS End User Service Desk may be reached either by phone at 844-435-7629 or online by logging in to the ServiceNow portal.

Additional Resources

Contact

Phone

EOTSS End User Service Desk (844) 435-7629

24x7x365 support for Commonwealth end users

CommonHelp IT Service Desk (866) 888-2808

for agency/Secretariat IT help desks and support personnel

Online

EOTSS End User Service Desk Log in to ServiceNow 
CommonHelp IT Service Desk commonhelp.desk@mass.gov
Feedback