Pulse Secure Connect SSL VPN
The Pulse Client creates a safe and secure connection to your corporate Pulse Secure Connect SSL VPN gateway. It provides quick access to data and business applications from off campus. You can connect from anywhere, at any time.
miniOrange integrates with Pulse Secure Connect Secure SSL VPN to add two-factor authentication to VPN login. To add two-factor authentication to your Pulse Connect Secure, your Pulse Secure Access SSL VPN should be compatible with miniOrange.
Log on to your Pulse administrator interface and verify that your firmware is version 8.3 or later. You also have to configure primary authentication for your SSL VPN users, e.g. LDAP authentication to Active Directory.
You can enable two-factor authentication (2FA) for your Pulse Secure Connect Managed AD directory to increase the security level. When you enable 2FA, your users enter their username and password (the first factor) as usual, and they then have to enter an authentication code (the second factor), which will be shared on your virtual or hardware 2FA solution.
To enable 2FA, you can enable RADIUS authentication in Pulse Secure Connect and configure policies in miniOrange to enable or disable 2FA for users.
miniOrange 2FA for VPN Login
miniOrange accomplishes this by acting as a RADIUS server that accepts the username/password entered by the user as a RADIUS request, validates the user against the user store, Active Directory (AD), prompts the user for 2-factor authentication, and either grants or revokes access based on the user's input.
Types of 2FA Authentication with RADIUS
The 2-factor authentication can be of two types depending on the VPN clients:
- VPN Clients that support RADIUS Challenge.
- VPN Clients that do not support RADIUS Challenge.
In VPN Clients that support RADIUS Challenge:
- In the first step, the user's username and password are validated against the credentials stored in Active Directory. A second request is then sent to validate the user's 2-factor authentication; on successful authentication, a success response is sent and the user is granted access to the application.
- Authentication methods: all authentication methods supported by miniOrange, such as Software Token, Push Notification and OTP over Email, to name a few.
- RADIUS Clients that support this authentication type:
-> Palo Alto
-> Pulse Secure Connect Secure SSL
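The two-request RADIUS Challenge exchange described above, as an added example (not miniOrange or Pulse Secure code) that builds RFC 2865 packets in memory. It assumes the 2FA code travels in User-Password on the second request; the function names and the secret, password and code passed in are constructed.

```python
import hashlib, hmac, os, struct

# RFC 2865 packet codes and attribute types
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24

def hide(value, secret, req_auth):  # RFC 2865 5.2: XOR with chained MD5 keystream
    padded = value.ljust(max(16, -(-len(value) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ k for x, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def pack(code, ident, auth, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def unpack(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, i, end = {}, 20, min(length, len(pkt))
    while i + 2 <= end:
        attrs[pkt[i]] = pkt[i + 2:i + pkt[i + 1]]
        i += max(pkt[i + 1], 2)  # never loop forever on a malformed length
    return code, ident, pkt[4:20], attrs

def request(ident, user, credential, secret, state=None):  # VPN gateway side
    auth = os.urandom(16)  # Request Authenticator, fresh per request
    attrs = [(USER_NAME, user), (USER_PASSWORD, hide(credential, secret, auth))]
    return pack(ACCESS_REQUEST, ident, auth, attrs + ([(STATE, state)] if state else []))

def respond(req, secret, password, otp, sessions):  # RADIUS server side
    _, ident, auth, a = unpack(req)
    second = a.get(STATE) in sessions   # round 2 echoes a State this server issued
    sessions.discard(a.get(STATE))      # a State is single use, pass or fail
    expected = hide(otp if second else password, secret, auth)
    code, attrs = ACCESS_REJECT, []
    if hmac.compare_digest(a.get(USER_PASSWORD, b""), expected):
        code = ACCESS_ACCEPT
        if not second:                  # password is valid: ask for the second factor
            state = os.urandom(8)
            sessions.add(state)
            code, attrs = ACCESS_CHALLENGE, [(STATE, state), (REPLY_MESSAGE, b"Enter code")]
    digest = hashlib.md5(pack(code, ident, auth, attrs) + secret).digest()
    return pack(code, ident, digest, attrs)

def authentic(resp, req, secret):  # gateway recomputes the Response Authenticator
    digest = hashlib.md5(resp[:4] + req[4:20] + resp[20:] + secret).digest()
    return hmac.compare_digest(digest, resp[4:20])
```

A correct password passed through `request()` and `respond()` yields Access-Challenge with a State value; a second `request()` that echoes that State with the code yields Access-Accept. When the gateway and server secrets differ, the password check fails and `authentic()` returns False for the reply.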
Enable Two-Factor Authentication for Pulse Secure Connect Secure SSL VPN with miniOrange
Guidelines to configure RADIUS authentication in Pulse Secure Connect with miniOrange.
Step 1: Add the Radius Client in miniOrange
- Log in to the Admin Dashboard.
- Click on Apps >> Manage Apps.
- Click on Configure Apps.
- Select Radius tab and select Radius Client.
- Configure details below to add Radius Client.
||Pulse Secure or any other name for your reference
||IP address of Pulse Secure VPN server which will send Radius authentication request
||Security key (keep this with you; you will need to configure the same key in Pulse Secure)
- Click on Save.
Step 2: Enable 2 factor authentication
- Click on Policies tab >> App Authentication Policy.
- Click on Add Policy tab.
- In Step 1, select “Pulse Secure” in the Application section.
- In Step 2, select “DEFAULT” in Group Name, enter the Policy name as “Pulse Secure”, add the policy, then select First factor as “PASSWORD”.
- Enable Second factor then click on Save.
Step 3: Set up LDAP authentication (Optional)
- Select User Stores then click on Add User Store.
- Select “AD/LDAP” tab and configure it with your LDAP settings.
||Active Directory or your directory type
|LDAP Server URL
||Your AD server URL or IP address
|Bind Account DN
||Click on AD FS >> Domain >> respective Users >> Properties >> Attribute Editor, then copy the value of distinguishedName and paste it against Bind Account DN.
|Bind Account Password
||Password for Bind user account above
||Search Base is the user search location, i.e. where to search for a user. Example: cn=users,dc=miniorange,dc=com
||If you want to add extra conditions on the user search, you can add them in Search Filter. Examples: (&(objectClass=*)(mail=?)) and (&(objectClass=*)(samaccountname=?))
- Enable the “Active LDAP” and “Sync user in miniOrange” options and click on Save.
- Click on Test Configuration to check whether you have entered valid details. For that, it will ask for a username and password.
- After this, it will show you the list of User Stores. Click on “Make Default”.
Step 4: Configure Pulse Secure Connect client with miniOrange RADIUS server
- Log in to the Connect Secure administration console.
- Select Authentication >> AuthServers.
- Select "RADIUS Server" from list then Click on "New Server".
- Enter the details on New Radius Server page.
- Enter the details of "Backup Server".
- Click on "Save changes".
Step 5: Creating a new User Realm
- Click on Users >> User Realms >> New User Realms.
- Enter the details in New Authentication Realm form.
- Click on Save changes.
Step 6: Creating the Private portal
- Click on “New URL”.
- Enter the path of your authentication portal.
- Check “User picks” from “list of authentication realms”.
- Select Realm of your users.
- Click on "Save Changes".
Step 7: Log in to Pulse Secure VPN Software
- Log in to the Pulse Secure Client.
- Enter your NetID and NetID password.
- Check your downloads folder and double-click on Pulse Secure Installer file.
- Follow the steps in the installer. Enter your computer's Administrator name and password during installation.
Step 8: Connect to VPN
Enter Username and password and click on login.
It will prompt you for 2 Factor code if you have enabled 2-factor authentication in miniOrange policy.
Enter your 2-Factor code and you should be connected to VPN.
- For Windows 7: Click on Start >> All Programs >> Juniper Networks >> Pulse Secure.
- For Windows 8: Click on Start screen >> Pulse Secure.
Step 9: Disconnect from VPN
- To disconnect the session, click on Disconnect.