Ivanti Pulse Secure Connect Integration

General Overview

This guide explains the instructions on configuring Mirket multi-factor authentication for Pulse Secure. Prior configuration and deployment of Pulse Secure are required before setting up MFA with Mirket.

Pulse Secure offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.

Preparation Steps

Before proceeding with these procedures, ensure the following:

• You've completed the installation and configuration of the Mirket (go to Mirket Installation Steps).

Configuring Pulse Secure

The configuration involves adding a RADIUS Server profile and then configuring a user realm.

Follow these steps to configure Pulse Secure:

• Go to Authentication > Auth Servers from the PPS Admin console.

• Choose the RADIUS Server option from the Auth Server Type list. Then click on the New Server option.

• Enter a name in the Name field. In our example, we enter the server name as "Mirket-Proxy-RADIUS".

• Input the following information under the Primary Server section:

  • Input the IP address of the Mirket Authentication Proxy into the RADIUS Server field.

  • Input 1812 for communication with the Mirket Proxy (RADIUS server) in the Authentication port field. Additionally, you can use the port specified in your 'authproxy.cfg' file for communication.

  • Input a shared secret key to communicate with the Mirket Proxy (RADIUS server) in the Shared Secret field. In Mirket use this same secret key when configuring a RADIUS client resource.

• Go to Users > User Realms and configure the User Realm for the Mirket RADIUS server by selecting Mirket-Proxy-RADIUS (or the name you assigned to your new RADIUS server) from the Authentication dropdown list.

• Click on Save to confirm settings.

Configure Mirket

To enable Mirket to receive authentication requests from Sophos Firewall, follow these steps:

• Define Sophos as a RADIUS client resource within Mirket.

• Create an authentication policy for the Sophos RADIUS client resource or include it in an existing authentication policy.

• Attach the Sophos resource to the Mirket Radius.

Add a Pulse Secure as Resource in Mirket with Mirket Radius Gateway

Before starting, ensure that you have installed Mirket Radius Gateway. To add a Radius Client to the Mirket Radius Gateway, follow these steps:

• First, navigate to the directory C:\MirketRadius and open the config.json file.

• Fill in the gateway and radiusClientList fields according to the provided specifications to ensure accurate and secure network configuration.

  • samName: Enter the SAM name of the gateway. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls. Please provide your domain name, such as 'mirket'.

  • authenticationPort: Enter the authentication port value you set for the gateway. The default value is 1812.

  • accountingPort: Enter the accounting port value you specified for the gateway. The default value is 1813.

  • gatewayIp: Enter the IP address of the server where the Mirket is installed.

  • ipAddress: Enter the IP address of your firewall.

  • secretKey: Enter your secret key. This secret key is used to link your radius client and radius server, so ensure they are identical.

• Once you've made the necessary changes to the config.json file, save and close it. Note: You can add multiple RADIUS clients.

• After completing the configuration, restart the 'Mirket Radius Gateway Service'.

User and Group configuration on Mirket

To set up multifactor authentication, make sure you have at least one user group in Mirket.

If it is preferred to use a local user, first create a local group and then create a local user and make the user a member of the group.

• Create a Local Group to add users manually.

• Add local Mirket users manually.

If it is preferred to use LDAP users, the priority LDAP group is created by pulling users from Active Directory or OpenLDAP in Mirket.

• Create a LDAP group to include LDAP users.

• Sync users from an external user database.

Add a Radius Rules to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP etc.).

First, you should follow these steps:

• Select Rules > Radius Rules.

• Click on Add New.

• Enter a rule name in the Name field.

• Enter the rule description in the Description field.

• Select the group to which the rule applies from the Group dropdown list.

• Select the provider to which the rule applies from the Provider dropdown list.

• Select the authorization profile to which the rule applies from the Authorization dropdown list.

• Click on Save to confirm settings.

Test the Integration

To validate the integration between Mirket MFA and your Pulse Secure, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.

In this example, we illustrate the use of the Approve/Deny authentication method.

• Launch Pulse Secure Connect.

• Enter your Mirket username and your password.

• Click on Connect. Then, select the 'Approve' option(found in the Mirket mobile app) immediately and make sure it doesn't time out.

Related Topics

Radius Clients

Radius Rules

Local Group Configuration

Local Users Configuration

LDAP Group Configuration

LDAP Users