Pulse Secure VPN RADIUS Integration

This article assumes that MonoSign RADIUS Server is configured properly. If you have any issue with RADIUS server, you can check this article.

This document explains how to implement MonoSign RADIUS Server with Pulse Secure. Before you continue, it is better to start with Pulse Secure’s Single Sign-On implementation page.

Creating an Application and Access Key on MonoSign

Navigate to the application dedicated to RADIUS Server. Once you navigate, click Keys and Add New Key to create a RADIUS access key.

CleanShot 2022-06-09 at 00.47.34.png

In the opened modal, choose RADIUS as Key Type and switch to RADIUS Settings. Fill in the necessary fields according to the information provided by Pulse Secure. Correspondings of the fields are as below.

Field

Value

NAS-Identifier

Name of the device dedicated to RADIUS

NAS-IP

Name or IP address of the RADIUS Server

Shared Secret

Shared Secret defined on the RADIUS Server

Click Save and you are gonna see your configuration for your access key as follows.

CleanShot 2022-06-14 at 10.49.58.png

Configuration Single Sign-On for Pulse Secure

In order to configure the RADIUS Server on MonoSign for Pulse Secure SSO, create a RADIUS Server first. Navigate to Authentication > Auth. Servers. Choose Server Type as RADIUS Server and click New Server.

CleanShot 2022-06-14 at 10.12.32.png

Fill in the necessary fields. Correspondings of the fields are as below.

Field

Value

Name

Label for referencing the server

NAS-Identifier

Name of the device dedicated to RADIUS

NAS IP

Empty if NAS IP is not configured on RADIUS Server

RADIUS Server

Name or IP address of the RADIUS Server

Shared Secret

Shared secret defined on the RADIUS Server

Accounting Port


Timeout

Recommended: 120 seconds

Scroll down to the Custom RADIUS Rules section and create recommended rules as follows.

CleanShot 2022-06-14 at 11.37.09.png

Next, create a new User Realm or edit an existing one. Navigate to Users > User Realms and click New….

CleanShot 2022-06-14 at 13.03.04.png

Fill in the necessary fields. Correspondings of the fields are as below.

Field

Value

Name

Label for referencing the realm

Authentication

Created RADIUS Authentication Server above

User Directory/Attribute

Same as above

Accounting

None

Device Attributes

None

Optionally, MonoSign Roles/Groups can be mapped to Pulse Secure Roles in the Role Mappings tab. Example group mapping is as follows.

CleanShot 2022-06-14 at 15.15.26.png

Next, create a new dedicated Policy or edit the existing policy to add the created realm as the Authentication Realm. Navigate to Authentication > Signing In > Sign-in Policies and click New Rule….

CleanShot 2022-06-14 at 15.34.00.png

Fill in the necessary fields and scroll down to the Authentication realm section. Add the realm as follows. You can add multiple realms to the policy and make users able to choose one. However, adding only one realm will automatically redirect users to it.

Creating Policies dedicated to desired Authentication Realms is recommended. This way the Authentication Realms will not be exposed to outside.

CleanShot 2022-06-14 at 16.35.00.png

VPN Connection

In order to establish a VPN connection using RADIUS, connect to the Policy URL associated with RADIUS Authentication Realm. Create a new or edit the existing connection and fill the necessary fields according to configurations made in chapter two. Correspondings of the fields are as below.

Field

Value

Type

Policy Secure (UAC) or Connect Secure (VPN)

Name

Label for referencing the connection

Server URL

Url specified while creating policy

If multiple Authentication Realms exist assigned to the Policy, a Realm selection dialog will appear.

CleanShot 2022-06-15 at 11.32.56.png

To connect, select RADIUS Authentication Realm and type your MonoSign credentials. the connection will start your MonoSign Authentication Flow.