I have to apologize, for my error. I conflated two seperate things. I was thinking of Central Manager which allows management of the Cluster. But then since the JPSA can push configuration to multiple units, my thought was if you have a single longin to the CMC, then you can push the configuration out to multiple uints. Here is the confusion which is now clear, thank you:

"Junos Pulse Secure Access Service appliances enable you to copy all configuration settings or
selected configuration settings from one Junos Pulse Secure Access Service to another using the
Push Configurationfeature. This feature provides simple configuration management across
an enterprise without requiring you to cluster Junos Pulse Secure Access Service appliances. With
the Push Configurationfeature, you can decide exactly which settings you do and do not want
to copy across the enterprise. The interface for selecting the settings is similar to the XML Import/
Exportfeature. You can push to a single Junos Pulse Secure Access Service or to multiple Junos
Pulse Secure Access Service devices. For example,if you install several new Junos Pulse Secure
Access Service devices, you can push to set their initial configuration. You can also push to a Junos
Pulse Secure Access Service device that is a memberof a cluster, as long as the target Junos Pulse
Secure Access Service is not a member of the same cluster as the source. Target Junos Pulse Secure
Access Service devices have the option of not accepting pushed configuration settings"

However, when the multiple nodes are clustered, Central Manager provides significant benefits. The first benefit is that of minimal downtime upgrades, which ensures that at least one member of the cluster is running at all times during a software upgrade. This benefit is independent of the type or size of the cluster.
The second benefit of Central Manager when used with clusters is that of package synchronization.
If a Junos Pulse Secure Access Service with oldercode tries to join a cluster, it upgrades
automatically. If a Junos Pulse SecureAccess Service with newer code tries to join a cluster, it is
rejected. In addition, all cluster members store a local copy of the software.
A third Central Manager benefit is the ability to see to which node of the cluster a user is signed in.
We show this node information on the next page. Information on the Active Userspage is
updated every 60 seconds."

But is clear what the purpose of the CM060 is now.

Thanks for the correction.

Config sync is your best solution. Or you can use XML export / import and manipulate the code. 

NSM sucks beynond belief for central management. I have not heard of any roadmap on this. 

Is there a recommended Juniper solution to manage MAG devices?

Here's a link to share:

http://www.juniper.net/techpubs/en_US/nsm2012.2/topics/concept/network-management-secure-access-conf...

Michael - there is nothing other than what I suggested in my prior post. There is a lot you can do with scripting, etc., but that is it.

I have recently been told that the plans to integrated the SSL/UAC solutions into Junos Space have been dropped. So the (not good) bottom line is there is no central management solution out there for the MAG products. 

I see the topic has been a long while now, but I was wondering if the MAG-CM060 would not fulfil what you are asking about? Unless there are some features that I am not understanding from the question. But you can use it manage multiple MAG devices, push configuration out to them, upgrade them all from one console login.