We use Okta to SAML auth our users to a SAML-enabled realm. We'd also like to start using machine authentication for our Windows users, where the machine would machine auth (using a certificate server) when no user is logged in, and then users could SAML login once they are logged in.
Seems like Pulse doesn't support multiple realms on a single login URL if you do SAML? What's the workaround to do machine auth (during login) + SAML (for users)? When I try to add multiple connections (one for SAML and one for machine auth), the 2nd connection is wiped out automatically on connect, which is odd.
Any help would be appreciated.
Looks like the above issue that I mentioned was a wrong configuration on my end. I have a working connection with SSO for user-based authentication and certificate for machine authentication.
I still have an issue regarding the workflow, though: when the user cancels out of SSO authentication (say they don't want to use VPN in their user session), the connection is deemed "Disconnected - Manual Override". Once the connection is in this state, machine authentication doesn't kick in when I log out or switch user. The next time machine authentication will kick in is when I reboot and the connection is set up to auto-connect again.
Is there a way to not force the user to log in to VPN but still have machine authentication prior to user login?