Ivanti Secure Access Client Configuration Overview

You configure Ivanti Secure Access Client settings on the Ivanti server so that when users request authentication, they are assigned a role based on the role mappings and optional security profile that you create. Access to specific resources is permitted only for users and devices that provide the proper credentials for the realm, that are associated with the appropriate roles, and whose endpoints meet security restrictions. If a user attempts to connect to the network from an endpoint that does not comply with the security restrictions you have defined, the user cannot access the realm or role.

As you plan your Ivanti Secure Access Client configuration, be sure you know how you want to deploy Ivanti Secure Access Client. You can use one or more of the following Ivanti Secure Access Client deployment options:

•Use the defaults or make changes to the Ivanti Secure Access Client default component set and default connection set, and then download and distribute Ivanti Secure Access Client by having users log in to the gateway's user Web portal and be assigned to a role. After the installation is complete, users have all the connections they need to access network resources.

•Create connections that an endpoint needs for connectivity and services, download the Ivanti Secure Access Client settings file (.pulsepreconfig), download default Ivanti Secure Access Client .msi installation program, and then run the .msi installation program by using an msiexec command with the settings file as an option. You can use the msiexec command to deploy Ivanti Secure Access Client using a standard software distribution process, such as SMS/SCCM.

•Distribute Ivanti Secure Access Client with no preconfiguration. You can download the default Ivanti Secure Access Client installation file (Mac or Win) from the device, and then distribute the file to endpoints using your organization's standard software distribution methods. Because the installer does not contain preconfigured connections, users must define network connections manually. Or you can create dynamic connections on each access gateway. These connections are automatically downloaded to the installed Ivanti Secure Access Client when users provide their login credentials to the gateway's user Web portal.

The following tasks summarize how to configure Ivanti Secure Access Client on the device:

•Create and assign user roles to control who can access different resources and applications on the network. If you are converting your access environment from agentless or a VPN Tunneling environment, you should create new roles that are specific for Ivanti Secure Access Client.

•Define security restrictions for endpoints with Host Checker policies.

•Define user realms to establish authentication domains. If you are converting your access environment from agentless or a NC environment, typically you can use your existing realms.

•Associate the roles with appropriate realms to define your access control hierarchy using role mapping.

•Define Ivanti Secure Access Client component sets, connection sets, and connections.

•Deploy Ivanti Secure Access Client to endpoints.