Pulse Secure Single sign-on configuration guide (SAML)

Use this guide to enable Single Sign-on (SSO) access via SAML to Pulse Secure VPN.

These SSO configurations are only necessary when SecureAuth IdP handles the username and second factor, and Pulse Secure handles the user's password before assertion.

Pulse Secure has numerous SSO options available to provide a more convenient portal environment. The NTLM option is exemplified for this configuration.

1. On the Pulse Secure admin console, select User Realms under Users, and click New User Realm...

An established realm can also be selected if one has already been set up for the SecureAuth IdP integration.

2. Set a Name for the new authentication realm.

3. Select the Server created for the SecureAuth IdP integration.

4. Select the Directory from which the authorization will occur from the User Directory / Attribute dropdown.

5. Check Additional authentication server to expand the menu.

6. Select the Directory from the Authentication #2 dropdown.

7. Select predefined as from the Username is options, and set the field as <USER>

8. Click Save Changes.

Resource Policies

9. On the admin console, click Resource Policies under Users.

10. Select General under SSO (SingleSign-on).

NTLM SSO Settings

11. Click NTLM SSO Settings... to expand the menu.

12. Check Enable NTLM SSO.

13. Create a Label and provide the Domain for the new setting.

14. Select Variable from the Credential Type dropdown.

15. Set the Username variable to <USERNAME> and the Variable Password to <PASSWORD[2]>

16. Click Save Changes.

Autopolicy: Single Sign-on

17. To apply the SSO settings configured above to a resource profile, enter the profile, and check Auto policy: Single Sign-on.

18. Select NTLM.

19. Select the Label name from the Credential dropdown.

Pulse Secure (SP-initiated) integration guide (SAML 2.0)

Pulse Secure Virtual Hostname configuration guide