<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UiKSAVOkta Classic EngineOkta Integration NetworkAnswered2024-08-11T09:04:05.000Z2016-05-17T20:14:54.000Z2018-02-15T18:27:58.000Z

depps (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Pulse Secure SSL SAML
Has anyone configured Pulse Secure and Okta to work with SAML rather than Radius auth?

 

If so are you also using Pulse to publish VDI desktops? I get an error saying  (Unable to load Citrix Desktops, please contact your administrator)

 

I've managed to get this half working using some old documentation for Juniper IVE however Pulse Secure has moved on a fair bit since it was Juniper.
  • 9 answers
  • 3.98K views
j5v7c likes this.

  • svcV.75126 (Customer)

    We did it but only for the VPN connection, it works great there.

     

    I'd image you'd need some kerb constrained delegation to get all the way through to a citrix desktop. I don't have any hands on experience doing this with Pulse though.

     

    What do the old docs suggest?

    Expand Post

  • depps (Customer)

    Old docs sugest Radius, are you able to share your Pulse and Okta config for SAML? Did you use SAML 2.0 or 1?

  • p0ur0 (p0ur0)

    There is a How to Configure SAML 1.1 for Juniper IVE (https://support.okta.com/help/articles/Knowledge_Article/Configuring-Okta-Template-SAML-20-application)

    , which should work with PulseSecure. I'm trying to configure with PulseSecure 8.2R1.1. I think the configuration steps are for older Juniper SSL VPN code.

    Okta needs to update the document as the product line no longer associated with Juniper SSL VPN and now branded as Pulse Secure.
    Expand Post

  • j5v7c (j5v7c)

    This document needs to be updated.

  • j5v7c (j5v7c)

    Pulse Secure does have an Okta guide with step by step setup. They were able to send it to me as a powerpoint. It requires you to set it up as a custom SAML app. I've uploaded the powerpoint for download here. https://github.com/trwhiteaker/pulse_secure-okta

     

    Workflow:

    First Time:

    -User goes to VPN URL, immediately redirects to Okta for SP initiated login

    -Client is downloaded to users computer if not already present

    -Client launches if already downloaded

    -Client auto-configures and connects

     

    Subsequent Login:

    -User launches client and clicks 'Connect'

    -Browser auto-opens and initiates SP login for VPN

    -Client auto-connects

    -Browser window is auto-closed a few seconds later

     

    The auto-launch feature is a separate check-box that must be enabled on the Pulse configuration. All client configuration updates require uninstall/reinstall of the entire client, server configurations do not.

     

    Hope this helps!
    Expand Post

  • Markus (Customer)

    Great post - the instructions were easy to follow.

    Were you able to get SAML enabled VPN to work on a Mac running OSX 10.12.1 (Sierra) ?

  • j5v7c (j5v7c)

    Thanks for the intructions Travis. They worked perfectly!

  • kbazp (kbazp)

    Apperently PulseSecure did not have the document shared https://github.com/trwhiteaker/pulse_secure-okta

    Thank you for sharing this document as PulseSecure tech support could not find any document on the integration!
This question is closed.
Loading
Pulse Secure SSL SAML