[solved] how to configure SSO with Microsoft Azure Active Directory as SAML IdP with Pulse Connect Secure step by step

PulseSecure can be configured for authentication in many different ways. This guide configures single sign-on (SSO) for PulseSecure using Azure AD as the SAML identity provider (IdP).

Below are the summary steps.

  • Add an enterprise custom application in Azure for PulseSecure.
  • Add SAML server configurations in PulseSecure.
  • Add an Authentication server using the SAML server configuration in PulseSecure.
  • Configure the user realm to use the new SAML authentication server.

Add an enterprise custom application in Azure for the PulseSecure


  • Log in to the Azure portal at “https://portal.azure.com”.
  • Navigate to “Azure Active Directory” in the portal.
  • Add a custom application by going to “Enterprise applications” in the left pane.
  • Choose “New application”. There you can search the built-in gallery of applications to see whether yours is available by default.
  • Since PulseSecure is not available by default, click on “create your application”.

  1. Name your application in the Azure portal.
  2. Create the application.

  1. Once the application is created, go to “Users and groups” and assign the users from your Azure AD.
  2. Next, click on “Single sign-on”.

  1. This is your entity ID URL.
  2. This is your reply URL.
  3. Relay is only used if you want to initiate the session from the Azure AD side.
  4. Download the metadata file; in a later step it needs to be uploaded to PulseSecure when creating an IdP.

You can add users by clicking on Add user and once added they will be assigned to the application.

Add SAML IDP/Metadata configurations in PulseSecure

 

  • Log in to the PulseSecure portal by going to https://name.domain.com/admin with admin credentials.
  • Click on “configurations” and then choose “SAML” to add the SAML configurations.
  • In the drop-down menu, choose “SAML Server” and click on New server.
  • In the Name field, choose the name you like for the IdP; the name is only local to the PulseSecure appliance.

 

Add an Authentication server using the SAML server configuration in PulseSecure

  • Click on “Auth Servers” on the left side to add an authentication server. This server configuration will be tied to the SAML configurations that you created in step 1.

  • On the next screen, choose the name of the server, marked as 1 in the screenshot.
  • Choose the “SAML” version as 2.0 and choose the IdP metadata link from the drop-down menu.
  • Choose “metadata”.

 

  • The screenshot continues; leave everything else at its default.

 

 

Configure the user realm to use the new SAML authentication server

  • Click on the user realms on the left side and pick the user realm that will be tied to the “authentication server” that you created in step 2.
  • Go to the user realm that is the default for all users.

  1. On the next screen, make sure you are on the right user realm, marked as # 1 in the screenshot.
  2. Choose the “authentication server” you created in the previous steps, marked as # 2.
  3. Choose the role mapping server, which can be a domain controller.

The configuration is complete and you can now test to make sure SAML is working properly.

 
