Configure the Pulse Connect Secure gateway

This configuration consists of three parts:

Configure a new authentication server

Create a User Realm

Modify or Confirm the Sign-in Policies

Before you begin

  • Ensure that you have the common UDP port and secret key values available.

Configure a new authentication server

  1. Sign in to the Pulse Connect Secure Administrator Sign-In Page with sufficient privileges.
  2. Go to AuthenticationAuth Servers,
  3. Click New, and then click New Server to define a new authentication server.

    Alternatively, you can edit an existing RADIUS server by selecting it from the list of authentication servers.

  4. Enter the following values to create a New RADIUS Server.
    Name

    Unique name (for example, Okta)

    NAS Identifier

    Optional

    RADIUS ServerIP or Name of Okta RADIUS Server Agent
    Authentication PortThe UDP port
    Shared SecretThe secret to access the port
    Server AddressIP or name of Okta RADIUS Server Agent
    Accounting PortRequired, but any value is acceptable
    NAS IPv5 AddressOptional. Shows in the Okta logs, if defined
    TimeoutRecommended: 60 seconds
    Retries1
  5. Optionally. Repeat the settings for a backup server, if required and available.
  6. Ignore the RADIUS Accounting section.
  7. Expand the Custom RADIUS Rules dropdown list, and then click New RADIUS Rule.

  8. The following page appears.

  9. Enter the following values to create a Custom RADIUS Rule.
    Name Unique name (for example, Okta Challenge Rule).
    If received Radius Response PacketSelect Access Challenge.
    Attribute Criteria

    Radius Attribute: select Reply-Message (18).

    Operand: select matches the expression.

    Value: leave blank.

    Then take actionSelect show Generic Login page.
  10. Click Save Changes.
  11. Ignore any warnings that the rule isn't specific.
  12. Click Save Changes for the new authentication server.

Create a User Realm

  1. Go to UsersUser Realms.

  2. From the Overview view, click New.

    Alternatively, you can edit an existing authentication realm by selecting it from the list.

  3. Enter the following values to create a New Authentication Realm.
    Name Unique name (for example, Okta).
    DescriptionOptional. Use any desired description.
    Authentication

    Okta (or the authentication server name your created earlier).

    User/Directory AttributeSelect Same as Above from the dropdown list.
    AccountingSelect None from the drop-down list.
    Device AttributesSelect None from the dropdown list.
  4. Click Save Changes.
  5. Optional. Click the Role Mapping tab, and then select Role Mapping from the top menu. The following page appears:

    Define user attribute-driven role assignments. Combine this with Advanced Radius settings to enforce dynamic roles for users.

Modify or Confirm the Sign-in Policies

  1. Go toAuthenticationSigning InSign-in Policies.

  2. Identity the Sign-in Policy to modify or confirm and click the URL to confirm or edit its selected realms.

  3. Expand the Authentication realm section of the policy detail page and make changes as needed.