Configure Pulse Connect Secure

Configure Pulse Connect Secure to use the Okta RADIUS Server Agent in conjunction with the Okta Integration Network (OIN) Pulse Secure (RADIUS) app.

Before you begin

Meet the following network connectivity requirements before you install the Okta RADIUS agent:

Source Destination Port/Protocol Description
Okta RADIUS Agent Okta Identity Cloud TCP/443

HTTP

Configuration and authentication traffic.
Client Gateway Okta RADIUS Agent UDP/1812 RADIUS (Default, you can change this when you install and configure the RADIUS app) RADIUS traffic between the gateway (client) and the RADIUS agent (server).

Limitations

Enroll only a single Okta Verify device. Adding more Okta Verify devices can cause undefined or unexpected behavior.

If you've migrated a RADIUS-configured org from Classic Engine and you configure the Okta Verify authenticator with the number challenge, the challenge may be presented to RADIUS users even though it's not supported. To prevent this, enable the Early Access feature Disable number matching challenge for RADIUS. See Enable self-service features.

Supported factors

See Pulse Connect Secure supported versions and factors for a complete list of supported version, factor and related information.

Typical workflow

Task

Description

Download the RADIUS agent In the Admin Console, go to SettingsDownloads. Download the appropriate Okta RADIUS Agent for your environment.

For throughput, availability, and other considerations, see Okta RADIUS Server Agent Deployment Best Practices.

Install the Okta RADIUS Agent. Install Okta RADIUS server agent on Windows

Install Okta RADIUS server agent on Linux

Configure application Configure the Pulse Secure (RADIUS) application.
Configure gateway Use the Pulse Connect Secure Administrator tool to configure the Pulse Connect Secure gateway.
Configure optional settings Optional. see Pulse Secure optional settings.
Test Test the Pulse Connect Secure integration

Related topics