Admin Account

Pulse Secure SSL SAML

Has anyone configured Pulse Secure and Okta to work with SAML rather than Radius auth?

If so, are you also using Pulse to publish VDI desktops? I get an error saying (Unable to load Citrix Desktops, please contact your administrator)

I've managed to get this half working using some old documentation for Juniper IVE; however, Pulse Secure has moved on a fair bit since it was Juniper.
api-workday api-workday
We did it but only for the VPN connection, it works great there.

I'd imagine you'd need some kerb constrained delegation to get all the way through to a Citrix desktop. I don't have any hands-on experience doing this with Pulse though.

What do the old docs suggest?
Admin Account
Old docs suggest Radius. Are you able to share your Pulse and Okta config for SAML? Did you use SAML 2.0 or 1?
Alex Shchukin
There is a How to Configure SAML 1.1 for Juniper IVE (https://support.okta.com/help/articles/Knowledge_Article/Configuring-Okta-Template-SAML-20-application), which should work with PulseSecure. I'm trying to configure with PulseSecure 8.2R1.1. I think the configuration steps are for older Juniper SSL VPN code.
Okta needs to update the document as the product line is no longer associated with Juniper SSL VPN and is now branded as Pulse Secure.
Alex Shchukin
There is another guide with references to Juniper SSL VPN:
Al Shch
This document needs to be updated.
Travis Whiteaker
Pulse Secure does have an Okta guide with step-by-step setup. They were able to send it to me as a PowerPoint. It requires you to set it up as a custom SAML app. I've uploaded the PowerPoint for download here: https://github.com/trwhiteaker/pulse_secure-okta

First Time:
-User goes to VPN URL, immediately redirects to Okta for SP initiated login
-Client is downloaded to user's computer if not already present
-Client launches if already downloaded
-Client auto-configures and connects

Subsequent Login:
-User launches client and clicks 'Connect'
-Browser auto-opens and initiates SP login for VPN
-Client auto-connects
-Browser window is auto-closed a few seconds later

The auto-launch feature is a separate check-box that must be enabled on the Pulse configuration. All client configuration updates require uninstall/reinstall of the entire client; server configurations do not.

Hope this helps!
AD1 Agent1
Great post - the instructions were easy to follow.
Were you able to get SAML enabled VPN to work on a Mac running OSX 10.12.1 (Sierra)?
Wesley Kirkland
Thanks for the instructions Travis. They worked perfectly!
Av Shch
Apparently PulseSecure did not have the document shared https://github.com/trwhiteaker/pulse_secure-okta
Thank you for sharing this document as PulseSecure tech support could not find any document on the integration!