Configure the Pulse Connect Secure gateway

During this task we will use the Pulse Secure Administrator Sign-in Page to configure a new authentication server, to create or modify a user realm, and to modify or confirm the sign-in policies.

Steps

There are three parts to this configuration.

  1. Configure a new Authentication Server
  2. Create or Modify a User Realm
  3. Modify or Confirm the Sign-in Policies

Before you begin

  • Ensure that you have the common UDP port and secret key values available.

Configure a new Authentication Server

  1. Sign in to the Pulse Connect Secure Administrator Sign-In Page with sufficient privileges.
  2. Navigate to Authentication > Auth Servers, click the New dropdown, and then click New Server to define a new Authentication server, as shown below.

    Note: You can also edit an existing RADIUS server, if desired, by selecting it from the list of authentication servers.

  3. Enter the following values to create a New RADIUS Server.
    Name: Unique and appropriate name (Okta)
    NAS Identifier: Optional: an identifier of the NAS
    RADIUS Server: IP or Name of Okta RADIUS Server Agent
    Authentication Port: Port 1812, or as set above
    Shared Secret: As set above
    Server Address: IP or Name of Okta RADIUS Server Agent
    Accounting Port: Required, but any value is acceptable
    NAS IPv5 Address: Optional: shows in the Okta logs, if defined
    Timeout: Recommended: 60 seconds
    Retries: 1
  4. Optionally, repeat the settings for the backup server, if required and available.
  5. Ignore the RADIUS Accounting section.
  6. Expand the Custom RADIUS Rules drop-down arrow, and then click New RADIUS Rule..., as shown below.

  7. The screen shown below opens.

  8. Enter the following values to create a Custom RADIUS Rule.
    Name: Unique and appropriate name (Okta Challenge Rule)
    If received Radius Response Packet...: Access Challenge
    Attribute Criteria:
      Radius Attribute: Reply-Message (18)
      Operand: matches the expression
      Value: [leave blank]
    Then take action: show Generic Login page
  9. Click Save Changes for the new RADIUS rule.
  10. Ignore the warnings that the rule is not very specific.
  11. Click Save Changes for the new authentication server.
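
To show what the Custom RADIUS Rule in step 8 keys on, the following added example (not part of the original guide, and not Okta or Pulse Secure code) parses a RADIUS packet and tests it as the rule is described: packet code Access-Challenge with a Reply-Message (18) attribute matching the expression. The sample packets, the function names, and the treatment of a blank Value as matching any Reply-Message are assumptions.

```python
import re
import struct

ACCESS_CHALLENGE = 11  # RADIUS packet code for Access-Challenge (RFC 2865)
REPLY_MESSAGE = 18     # attribute type named in the custom rule
STATE = 24             # attribute that normally accompanies a challenge

def build_packet(code, ident, attrs):
    """Build a RADIUS packet from (type, bytes) pairs. Constructed sample:
    the 16-byte authenticator is zeroed, not computed from a shared secret."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_packet(data):
    """Return (code, [(type, value), ...]); raise ValueError if malformed."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def rule_matches(data, expression=""):
    """Model of the rule: Access-Challenge whose Reply-Message matches expression.
    Assumption: a blank expression matches any Reply-Message value."""
    code, attrs = parse_packet(data)
    if code != ACCESS_CHALLENGE:
        return False
    return any(t == REPLY_MESSAGE
               and re.search(expression, v.decode("utf-8", "replace"))
               for t, v in attrs)

# Constructed sample packets (message text is illustrative only).
CHALLENGE = build_packet(ACCESS_CHALLENGE, 1, [
    (REPLY_MESSAGE, b"Enter your verification code"), (STATE, b"\x01\x02")])
ACCEPT = build_packet(2, 1, [(REPLY_MESSAGE, b"Welcome")])
```

With the Value left blank, every Access-Challenge that carries a Reply-Message satisfies the rule in this model, which is consistent with the "not very specific" warning in step 10.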

Create or Modify a User Realm

  1. Navigate to Users > User Realms.

  2. From the Overview view, click New... to define a new authentication realm to display the following screen.

    Note: You can also edit an existing authentication realm, if desired, by selecting it from the list of user authentication realms.

  3. Enter the following values to create a New Authentication Realm.
    Name: Unique and appropriate name (Okta)
    Description: Optional; use any desired description
    Authentication: Okta (authentication server name created in step 1, above)
    User/Directory Attribute: Select Same as Above from the drop-down list
    Accounting: Select None from the drop-down list
    Device Attributes: Select None from the drop-down list
  4. Click Save Changes.
  5. Optionally, set Role Mapping, by selecting the Role Mapping tab, and then selecting Role Mapping from the top menu. The screen shown below opens.

  6. As desired, define user attribute driven role assignments. Combine this with the Advanced Radius settings in the Configure Optional Settings section below to enforce dynamic roles for users.

Modify or Confirm the Sign-in Policies

  1. Navigate to Authentication > Signing In > Sign-in Policies to display the page shown below.

  2. Identify the Sign-in Policy to modify or confirm and click the URL to confirm or edit its selected realms.

  3. Expand the Authentication realm section of the policy detail page to display the page shown below.