Configuring Server VPN Policy

The Ivanti Secure Access client enables you to secure your company resources using authentication realms, user roles and resource policies. For complete information on the Ivanti Connect Secure gateway, see the Ivanti Connect Secure documentation.

The Ivanti Connect Secure gateway checks the authentication policy defined for the authentication realm. The user must meet the security requirements that are defined for a realm's authentication policy. At the realm level, you can specify security requirements based on various elements, such as the user's source IP address or the possession of a client-side certificate. If the user meets the requirements specified by the realm's authentication policy, the gateway forwards the user's credentials to the appropriate authentication server. If this server successfully authenticates the user, then the gateway evaluates the role-mapping rules defined for the realm to determine which roles to assign to the user.

The following is a generalized example of configuring an Ivanti Connect Secure gateway for the Ivanti Secure Access Client for Linux.

1. Click Users > User Roles and then either select an existing role (preferred) or create a new role.

2. If creating a new role, specify a name and optional description for the role, for example:
Linux Users Role, Linux Users VPN Role.

3. Enable VPN Tunneling and Save Changes.

4. Click Users > User Realms to create a new realm or select an existing realm.

5. Configure and save your options on the General and Authentication Policy tabs.

6. To Sign In, enable primary/secondary authentication by selecting Servers from the Authentication Server list.
On the Role Mapping tab, click New Rule to create a new role-mapping rule.
One option for a role-mapping rule is to create a custom expression that uses the user agent string to identify a Linux device. The Ivanti Secure Access client for Linux user agent string has a form like this:

userAgent = Pulse-Secure/9.1.8.800 <Linux OS version>

  1. Select the role that you created earlier for the Linux users, add it to the Selected Roles list.

  2. Click Save Changes.
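The user agent string is supplied by the client, so a rule built on it sorts clients into roles and its pattern should be no broader than the documented form. The following added example (not Ivanti code) checks candidate patterns against constructed user agent strings before a rule is saved; the sample strings, the candidate patterns, and the use of shell-style wildcards to approximate the gateway's matching are all assumptions.

```python
import re
from fnmatch import fnmatchcase

# Form given on the page: Pulse-Secure/<client version> <Linux OS version>
UA_FORM = re.compile(r"^Pulse-Secure/(?P<version>\d+(?:\.\d+)*)\s+(?P<os>\S.*)$")

# Constructed samples. The OS portion is an assumption: the page only shows
# the placeholder <Linux OS version>.
SAMPLES = {
    "linux_client": "Pulse-Secure/9.1.8.800 Linux 5.4.0-42-generic",
    "linux_browser": "Mozilla/5.0 (X11; Linux x86_64) Firefox/102.0",
    "other_client": "Pulse-Secure/9.1.8.800 (Windows 10)",
    "empty": "",
}

# Hypothetical candidate patterns for the role-mapping expression.
CANDIDATES = ["*Linux*", "Pulse-Secure/*", "Pulse-Secure/* Linux*"]


def parse_client_ua(ua):
    """Return (version, os_text) if ua has the documented form, else None."""
    m = UA_FORM.match(ua or "")
    return (m.group("version"), m.group("os")) if m else None


def matched_by(pattern, samples=SAMPLES):
    """Names of the samples a shell-style wildcard pattern would select."""
    return sorted(n for n, ua in samples.items() if fnmatchcase(ua, pattern))


def audit(patterns=CANDIDATES, intended=("linux_client",)):
    """Map each pattern to the samples it selects beyond the intended set."""
    return {p: [n for n in matched_by(p) if n not in intended] for p in patterns}


if __name__ == "__main__":
    for pattern, extra in audit().items():
        print(f"{pattern!r}: matches {matched_by(pattern)}, unintended {extra}")
```

A pattern keyed only on the OS name also selects a browser running on Linux, and one keyed only on the client name selects clients on other platforms; only the pattern that follows the whole documented form selects the Linux client alone.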

User sign-in policies determine the realm(s) that users can access.

  1. To create a new sign-in policy, click New URL, or to edit an existing policy, click a URL in the User URLs column.

  1. Modify an existing sign-in page or create a new one using options in the Authentication > Signing In > Sign-in Pages page of the admin console.

  2. Specify a sign-in policy that associates a realm, sign-in URL, and sign-in page using settings in the Authentication > Signing In > Sign-in Policies page of the admin console. To create or configure user sign-in policies, click New URL in Authentication > Signing In > Sign-in Policies.

  3. Under Authentication realm, specify which realm(s) map to the policy, and how users and administrators pick from amongst realms.

  4. Click Save Changes.