Skip to main content

Pulse Secure Single sign-on configuration guide (SAML)


Use this guide to enable Single Sign-on (SSO) access via SAML to Pulse Secure VPN.

These SSO configurations are only necessary when SecureAuth IdP handles the username and second factor, and Pulse Secure handles the user's password before assertion.


  • Pulse Secure 6.3 or later installed and running

  • SecureAuth IdP 9.x deployed, with a realm created for the Pulse Secure integration with the SecureAuth IdP Web Admin

  • The realm's configurations on the Overview, Data, and Multi-Factor Methods, and Post Authentication tabs should be completed before configuring the Workflow tab

SecureAuth IdP Web Admin configuration steps

Workflow tab

1. In the Workflow section, select (Valid Persistent Token) only from the Default Workflow dropdown.


2. Save the configuration before leaving the Workflow page.

Pulse Secure SSO configuration steps

Pulse Secure has numerous SSO options available to provide a more convenient portal environment. The NTLM option is exemplified for this configuration.

1. On the Pulse Secure admin console, select User Realms under Users, and click New User Realm...

An established realm can also be selected if one has already been set up for the SecureAuth IdP integration.

2. Set a Name for the new authentication realm.

3. Select the Server created for the SecureAuth IdP integration.

4. Select the Directory from which the authorization will occur from the User Directory / Attribute dropdown.

5. Check Additional authentication server to expand the menu.

6. Select the Directory from the Authentication #2 dropdown.

7. Select predefined as from the Username is options, and set the field as <USER>

8. Click Save Changes.


Resource Policies

9. On the admin console, click Resource Policies under Users.

10. Select General under SSO (SingleSign-on).


NTLM SSO Settings

11. Click NTLM SSO Settings... to expand the menu.

12. Check Enable NTLM SSO.

13. Create a Label and provide the Domain for the new setting.

14. Select Variable from the Credential Type dropdown.

15. Set the Username variable to <USERNAME> and the Variable Password to <PASSWORD[2]>

16. Click Save Changes.


Autopolicy: Single Sign-on

17. To apply the SSO settings configured above to a resource profile, enter the profile, and check Auto policy: Single Sign-on.

18. Select NTLM.

19. Select the Label name from the Credential dropdown.


Additional resources

Pulse Secure (SP-initiated) integration guide (SAML 2.0)

Pulse Secure Virtual Hostname configuration guide