Configure the Pulse Connect Secure gateway

This configuration consists of three parts:

Configure a new authentication server

Create or Modify a User Realm

Modify or Confirm the Sign-in Policies

Before you begin

Ensure that you have the common UDP port and secret key values available.

Configure a new authentication server

  1. Sign in to the Pulse Connect Secure Administrator Sign-In Page with sufficient privileges.
  2. Go to Authentication > Auth Servers,
  3. Click New, and then click New Server to define a new authentication server.

    Alternatively, you can edit an existing RADIUS server by selecting it from the list of authentication servers.

  4. Enter the following values to create a New RADIUS Server.
    Name

    Unique name (for example, Okta)
    NAS Identifier

    Optional
    RADIUS Server IP or Name of Okta RADIUS Server Agent
    Authentication Port The UDP port
    Shared Secret The secret to access the port
    Server Address IP or name of Okta RADIUS Server Agent
    Accounting Port Required, but any value is acceptable
    NAS IPv5 Address Optional. Shows in the Okta logs, if defined
    Timeout Recommended: 60 seconds
    Retries 1
  5. Optionally. Repeat the settings for a backup server, if required and available.
  6. Ignore the RADIUS Accounting section.
  7. Expand the Custom RADIUS Rules dropdown list, and then click New RADIUS Rule.
  8. The following page appears.
  9. Enter the following values to create a Custom RADIUS Rule.
    Name Unique name (for example, Okta Challenge Rule).
    If received Radius Response Packet Select Access Challenge.
    Attribute Criteria

    Radius Attribute: select Reply-Message (18).

    Operand: select matches the expression.

    Value: leave blank.
    Then take action Select show Generic Login page.
  10. Click Save Changes.
  11. Ignore any warnings that the rule isn't specific.
  12. Click Save Changes for the new authentication server.

Create a User Realm

  1. Go to Users > User Realms.

  2. From the Overview view, click New. Alternatively, you can edit an existing authentication realm by selecting it from the list.

  3. Enter the following values to create a New Authentication Realm.
    Name Unique name (for example, Okta).
    Description Optional. Use any desired description.
    Authentication

    Okta (or the authentication server name your created earlier).
    User/Directory Attribute Select Same as Above from the dropdown list.
    Accounting Select None from the drop-down list.
    Device Attributes Select None from the dropdown list.
  4. Click Save Changes.
  5. Optional. Click the Role Mapping tab, and then select Role Mapping from the top menu. The following page appears:

    Define user attribute-driven role assignments. Combine this with Advanced Radius settings to enforce dynamic roles for users.

Modify or Confirm the Sign-in Policies

  1. Go to Authentication > Signing In > Sign-in Policies.

  2. Identity the Sign-in Policy to modify or confirm and click the URL to confirm or edit its selected realms.

  3. Expand the Authentication realm section of the policy detail page and make changes as needed.

Next steps

Pulse Secure optional settings