Cookbook for Pulse Connect Secure
Pulse Connect Secure can work as a SAML service provider. Use Okta or any appropriate IDP and configure a Custom SP federation pair on Access using Pulse Connect Secure as the SP and that IDP.
If you configure a Request Header rule with the Header Name “Referer”, Access does not evaluate the rule, because by default Pulse Connect Secure does not send the Referer header in the SAML request.
Complete the following procedure to configure Pulse Connect Secure.
Before you begin
- Ensure your global SAML configuration is correct.
- Log in to the Pulse Connect Secure admin portal.
- Under System > Configuration > SAML, select Settings.
  Validate or populate Host FQDN for SAML with the FQDN of your Pulse Connect Secure appliance.
- Click Save.
Creating metadata file for Pulse Connect Secure
- Log in to the Pulse Connect Secure admin portal.
- Under System > Configuration > SAML, select New Metadata Provider.
- Enter a Name such as Access_ZSO.
- Select Remote for location.
- Enter the Download URL provided by Okta.
- Verify the Identity Provider for roles.
- Click Save.
  It takes a few moments for the values to populate from the Metadata Service. Refresh the page to check whether the download was successful.
Downloading metadata on Pulse Connect Secure
- Log in to the Pulse Connect Secure admin portal.
- Under Authentication > Auth. Servers, choose new SAML Server and click New Server.
- Enter a Name such as Access_ZSO.
- Select 2.0 for SAML Version.
- Select Metadata for Configuration Mode.
- Select the Identity Provider Entity Id from your Okta SAML Metadata Provider (created in Creating metadata file for Pulse Connect Secure).
- Select POST for SSO Method.
- Select the Okta SSO Certificate.
- Select a valid Device Certificate for Signing.
- Click Save.
- Edit the Authentication Server created and click Download Metadata.
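Before uploading the downloaded metadata.xml to Access, it is worth checking that it reflects the settings chosen above. The following is an added example, not part of the original cookbook or of any Pulse or Access tooling: it checks SP metadata for an HTTP-POST Assertion Consumer Service on the expected host and for a signing certificate. The sample XML, the hostname vpn.example.com and the function name are constructed, and the script assumes the appliance builds its ACS URL from the Host FQDN for SAML value.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata: hostname, paths and certificate are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://vpn.example.com/sp-placeholder">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vpn.example.com/acs-placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text, host_fqdn):
    """Return a list of problems found in SP metadata; an empty list means OK."""
    root = ET.fromstring(xml_text)  # file comes from your own appliance
    if root.tag != "{%s}EntityDescriptor" % MD:
        return ["root element is not md:EntityDescriptor"]
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor: this is not SP metadata"]
    problems = []
    if not root.get("entityID"):
        problems.append("entityID is missing")
    # SSO Method was set to POST, so an HTTP-POST ACS endpoint must exist.
    post = [a for a in sp.findall("md:AssertionConsumerService", NS)
            if a.get("Binding") == POST]
    if not post:
        problems.append("no HTTP-POST AssertionConsumerService")
    for a in post:
        url = urlparse(a.get("Location", ""))
        if url.scheme != "https" or (url.hostname or "").lower() != host_fqdn.lower():
            problems.append("ACS Location does not match https://%s" % host_fqdn)
    # A KeyDescriptor with no 'use' attribute applies to signing as well.
    keys = [k for k in sp.findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "signing")]
    if not any((c.text or "").strip()
               for k in keys for c in k.iter("{%s}X509Certificate" % DS)):
        problems.append("no signing certificate in metadata")
    return problems

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE, "vpn.example.com") or "metadata looks consistent")
```
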
Configuring Federated Pair on Access
- Log in to the Access admin portal.
- Click Profile > Federation > Add Pair.
- Select Custom SAML Service Provider.
- Enter a Name and upload a logo.
- Upload the Pulse SAML metadata.xml saved in Downloading metadata on Pulse Connect Secure.
- Select Use Tunnel Certificates for SSO and Enable IDP initiated login for this SP.
- Click Next.
- Enter the Okta Metadata download URL.
- Click Done.
Updating Pulse Connect Secure configuration to federate with Access
- Log in to the Pulse Connect Secure admin portal.
- Edit the metadata provider created in Creating metadata file for Pulse Connect Secure.
- Enter the Access IDP Metadata (Upload to SP) download URL.
- Click Save.
  Refresh the page to ensure that the new metadata is downloaded successfully.
- Edit the SAML Auth server created in Downloading metadata on Pulse Connect Secure.
- Edit and update the Identity Provider Entity Id to the newly updated Access URL.
- Select the Access SSO Certificate.
- Click Save.