Configure the Pulse Connect Secure gateway
During this task we will use the Pulse Secure Administrator Sign-in Page to configure a new authentication server, to create or modify a user realm, and to modify or confirm the sign-in policies.
There are three parts to this configuration:
- Configure a new Authentication Server
- Create or Modify a User Realm
- Modify or Confirm the Sign-in Policies
Before you begin
- Ensure that you have the common UDP port and secret key values available.
- Sign in to the Pulse Connect Secure Administrator Sign-In Page with sufficient privileges.
- Navigate to Authentication > Auth Servers, click the New dropdown, and then click New Server to define a new Authentication server, as shown below.
Note: You can also edit an existing RADIUS server, if desired, by selecting it from the list of authentication servers.
- Enter the following values to create a New RADIUS Server.
Name Unique and appropriate name (Okta) NAS Identifier Optional: an identifier of the NAS RADIUS Server IP or Name of Okta RADIUS Server Agent Authentication Port Port 1812, or as set above Shared Secret As set above Server Address IP or Name of Okta RADIUS Server Agent Accounting Port Required, but any value is acceptable NAS IPv5 Address Optional: shows in the Okta logs, if defined Timeout Recommended: 60 seconds Retries 1
- Optionally, repeat the settings for the backup server, if required and available.
- Ignore the RADIUS Accounting section.
- Expand the Custom RADIUS Rules drop-down arrow, and then click New RADIUS Rule....
- The following screen appears:
- Enter the following values to create a Custom RADIUS Rule.
Name Unique and appropriate name (Okta Challenge Rule) If received Radius Response Packet... Access Challenge Attribute Criteria
Radius Attribute: Reply-Message (18)
Operand: matches the expression
Value: [leave blank]
Then take action show Generic Login page
- Click Save Changes for the new RADIUS rule.
- Ignore the warnings that the rule is not very specific.
- Click Save Changes for the new authentication server.
Navigate to Users > User Realms.
From the Overview view, click New... to define a new authentication realm to display the following screen.
Note: You can also edit an existing authentication realm, if desired, by selecting it from the list of user authentication realms.
- Enter the following values to create a New Authentication Realm
Name Unique and appropriate name (Okta) Description Optional; use any desired description Authentication
Okta (authentication server name created in step 1, above)
User/Directory Attribute Select Same as Above from the drop-down list Accounting Select None from the drop-down list Device Attributes Select None from the drop-down list
- Click Save Changes.
- Optionally, set Role Mapping, by selecting the Role Mapping tab, and then selecting Role Mapping from the top menu. The following screen appears:
- As desired, define user attribute driven role assignments. Combine this with the Advanced Radius settings to enforce dynamic roles for users.
- Navigate to Authentication > Signing In > Sign-in Policies.
Identity the Sign-in Policy to modify or confirm and click the URL to confirm or edit its selected realms.
Expand the Authentication realm section of the policy detail page.