Generic ovpn config file

This has been discussed previously on this forum.    The recommended process is:

• System administrator downloads and installs the VPN client components, which requires privilege.
• System administrator lowers protection on the configuration folder (only) so that non-privileged users can update it, C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config
• Users log into the portal and download the key-update program and run it.   This adds their credentials to the configuration folder.
• System administator removes old credentials when a laptop is turned in, or on another schedule that is acceptable to the organization.

This has been discussed previously on this forum.    The recommended process is:

• System administrator downloads and installs the VPN client components, which requires privilege.
• System administrator lowers protection on the configuration folder (only) so that non-privileged users can update it, C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config
• Users log into the portal and download the key-update program and run it.   This adds their credentials to the configuration folder.
• System administator removes old credentials when a laptop is turned in, or on another schedule that is acceptable to the organization.

I agree on this being the best solution, but TS was specifically saying:

We have mobile tablets that are used by many different users and to add each individual user config will become a management nightmare

In my opinion it's either everyone using the same account (which I would never allow) or choose another VPN protocol. I don't think the SSL solution can work without the user certificates.