MFA/2FA for Pulse Connect Secure SSL

Last updated on October 16, 2024

Overview

The purpose of this document is to enable Rublon Multi-Factor Authentication (MFA) for users logging in to Pulse Connect Secure SSL VPN. In order to achieve that using SAML, you have to use Rublon Access Gateway. All required steps will be described in this document.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push	✔	N/A
WebAuthn/U2F Security Key	✔	N/A
Passcode	✔	N/A
SMS Passcode	✔	N/A
SMS Link	✔	N/A
Phone Call	✔	N/A
QR Code	✔	N/A
Email Link	✔	N/A
YubiKey OTP Security Key	✔	N/A

Before you start

You need to install and configure Rublon Access Gateway itself before configuring Pulse to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, continue with this document.

Configuration

1. Log in to Pulse admin panel.

2. Go to Authentication → Auth. Servers.

3. Select SAML Server in the New dropdown, and click New Server….

4. Fill in the fields in the Settings tab. Refer to the following image and table.

Server Name	Enter a name for your authentication server, e.g. Rublon Access Gateway.
SAML Version	Select 2.0.
Identity Provider Entity Id	Enter the value of Entity ID from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
Identity Provider Single Sign On Service URL	Enter the value of SSO URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
User Name Template	Enter cn.
Support Single Logout	Check.
Single Logout Service URL	Enter the value of Logout URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
Single Logout Response URL	Enter the value of Logout URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
Upload Certificate	Upload the certificate you have downloaded from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE).
Enable Signing Certificate status checking	Uncheck.
Metadata Validity	Set to a value of your choice, e.g. 365 days.

5. Click Save Changes.

6. Scroll down to the bottom of the page and click Download Metadata. You are going to need that XML file later.

7. Do not close Pulse admin panel. Log in to Rublon Access Gateway in another tab.

8. Go to Applications → Import application metadata.

9. Enter a name for your application, e.g. Pulse. Select the XML file you have downloaded before, and click UPLOAD.

10. Your application will appear on the applications list in the All applications subtab.

11. Get back to Pulse admin panel. Go to Users → User Realms → New User Realm….

12. Set a Name for your new realm, e.g. Rublon Access Gateway.

13. Select the previously created Rublon Access Gateway authentication server in the Authentication dropdown.

14. Click Save Changes.

15. Select the Role Mapping tab and click New Rule….

16. Set a name of your choice for your new rule.

17. Set Rule:If username… to is *.

18. Assign a Users role. Select Users on the Available Roles list and click Add ->.

19. Click Save Changes.

20. Go to Authentication → Signing In → Sign-in Policies.

21. Click New URL… to create a new URL.

22. Set Sign-in URL to */saml/.

23. Set Sign-in page to Default Sign-in page.

24. Select User picks from a list of authentication realms and select the Rublon Access Gateway realm you have created before. To do this, just select Rublon Access Gateway on the Available realms list and click Add ->.

25. Click Save Changes.

26. Your configuration is now complete. Your users can now log in to Pulse Connect Secure SSL VPN with Rublon 2FA enabled.

Log in to Pulse Connect Secure with Rublon 2FA

This example portrays logging in to Pulse Connect Secure SSL VPN via a web browser.

1. Open the Pulse VPN login page in your browser.

2. You will be redirected to Rublon Access Gateway login page.

3. Provide your username and password. Click SIGN IN. A window should appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.