Addition:
I have already attempted following the steps as described in

https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40225

What do you mean by SSO?
There is no SSO into the Pulse appliance unless you are using a browser that already has a SAML or SiteMinder token
As you are aware, as well, Network Connect is not supported on Mac OS X starting with 10.9; the Pulse Secure client needs to be used for these endpoints

SSO = Single Sign On. I am aware that Network Connect is not supported on Mac.

We are using SSO to authenticate users. Pulse Secure will open Safari (regardless which browser is configured to be the default at OS level), log the user in and set a token. Instead of establishing a full tunnel at that time, the site will attempt to launch Network connect.

From that description, it sounds like you are using SAML.
Does the police trace show, or list of roles assigned in the user access log, show the Pulse role as being the first in the list of assigned roles? If you are assigned a role that does not have Pulse enabled prior to the role with Pulse, Network Connect will be used.

What version of the appliance are you using; there were issues related to SAML & launching Pulse resolved in the latest 8.2 & 5.2 releases. Unfortunately, you seem to have found something we have not had reported yet. If you have not done so, please open a case with our support team so that we can investigate further on why Network Connect is being launched.

What you are seeing is expected (that Safari is the only supported browser for logging in from a macOS endpoint and the Pulse Secure client will force this when using SAML or other login technologies that need to be proxied through the browser)