Are you using the PulseLauncher utility to pass the username and password as arguments?
From the authentication flow that you have described, it seems that you have MFA enabled on the VPN server, hence it is expected to the see the auth prompt presented to the user.
What is the MFA vendor that you have integrated with VPN? Will you be able to change the MFA auth method to something that does not require the user to provide input to the VPN server? Like Login push?
Pulse Connect Secure Certified Expert