Solved: Re: Microsoft Azure MFA Cloud and Pulse Secure VPN

jkirby · ‎04-30-2019

Hi All,

Does Pulse Secure have any documentation which will help me intregrate Azure MFA Cloud into my Pulse Secure VPN as our 2FA radius server or SSO via the office portal?

Thanks,

James.

[email protected] · ‎04-30-2019

Hi James,

I am able to find this documentation on Microsoft: Juniper/Pulse Secure SSL VPN and Azure MFA Configuration for RADIUS.

But I think it's for Azure MFA - NPS extension not for Azure cloud.

From Pulse Secure side, I found a documentation for SAML setup: https://www-prev.pulsesecure.net/download/techpubs/current/1540/pulse-connect-secure/pcs/9.0rx/ps-pc...

Sadly, not able find one for Azure cloud + PS (Radius based). 😐

Pulse Connect Secure Certified Expert

View solution in original post

[email protected] · ‎04-30-2019

Hi James,

I am able to find this documentation on Microsoft: Juniper/Pulse Secure SSL VPN and Azure MFA Configuration for RADIUS.

But I think it's for Azure MFA - NPS extension not for Azure cloud.

From Pulse Secure side, I found a documentation for SAML setup: https://www-prev.pulsesecure.net/download/techpubs/current/1540/pulse-connect-secure/pcs/9.0rx/ps-pc...

Sadly, not able find one for Azure cloud + PS (Radius based). 😐

Pulse Connect Secure Certified Expert

jkirby · ‎05-02-2019

Hi Ray,

That last doc was just what i was after, thank you. I had to play around a bit to get the AD security groups into SAML claims but its all sorted now.

Thanks again Buddy.

[email protected] · ‎05-02-2019

You're welcome, @jkirby 😊

Pulse Connect Secure Certified Expert

Emmasmitha · ‎05-02-2019

[email protected] wrote:
Hi James,

I am able to find this documentation on Microsoft: Juniper/Pulse Secure SSL VPN and Azure MFA Configuration for RADIUS.
But I think it's for Azure MFA - NPS extension not for Azure cloud.

From Pulse Secure side, I found a documentation for SAML setup: https://www-prev.pulsesecure.net/download/techpubs/current/1540/pulse-connect-secure/pcs/9.0rx/ps-pc...

Sadly, not able find one for Azure cloud + PS (Radius based). 😐

Thank you so much for this. I was into this issue and tired to tinker around to check if its possible but couldnt get it done. Now that i have seen the way you did it, thanks guys
with
regards

Nox tweakbox plex

LZSanderson · ‎02-12-2020

@jkirbyDoes your configuration work with the PulseSecure desktop client as well? If so would you be so kind as to share a sterilized copy of your config?

lochan · ‎05-21-2020

Hello ,

I am also looking to enable MFA with existing Pulse with above SAML based document and configured everything , howoever keep facing issue on SAML responce as samlMultiValAttr.groups attributes is not matching while responce and does not allow to connect

[email protected] · ‎05-21-2020

@lochan Do you have configured the SAML IDP to send "groups" attribute values in the SAML response? If yes, then can you see if those are being read by the VPN server by capturing a policytrace?

Pulse Connect Secure Certified Expert

lochan · ‎09-03-2020

[email protected] , yes IDP is sending group attributes but it looks Pulse is expecting attribute -samlMultiValAttr.groups , which is not defined under group claim on azure IDP as azure can only send default attributes. which looks to be issue , not sure how to proceed further .

[email protected] · ‎09-11-2020

@lochan samlMultiValAttr is the variable name format used by Pulse Connect Secure, in other words, it's just a locally significant variable name gets prepended to the actual SAML attribute.

Groups is the attribute configured on the Azure which gets stored as samlMultiValAttr.groups on the VPN, so it is same in all aspects.

Pulse Connect Secure Certified Expert