search

Ivanti Pulse Connect Integration via Radius

General Overview

This guide explains the instructions on configuring Mirket multi-factor authentication for Ivanti Pulse Connect . Prior configuration and deployment of Ivanti Pulse Connect are required before setting up MFA with Mirket.

Ivanti Pulse Connect offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.

hashtag
Configuring Pulse Secure

  • Log in to the Ivanti Connect Secure admin portal with an administrative account, then navigate to Authentication > Auth Servers.

  • From the list, select RADIUS Server and click New Server.

  • To define the new RADIUS server, set the following configurations.

Name

Set the name of the RADIUS server.

For example, Mirket.

RADIUS Server

Set to the Name or IP address of the Mirket Radius Gateway.

For example, 10.10.10.180

Authentication Port

Set to 1812.

Shared Secret

Enter the RADIUS shared secret key for the Mirket Radius Gateway

Timeout

Set to 60.

Retries

Set to 1.

  • Optional. If you require and have a backup server, repeat the above configuration settings.

  • Save your changes.

  • From your newly created RADIUS server settings, scroll down to the Custom RADIUS Rules section and click New RADIUS Rule…

  • Set the following configurations.

Name

Enter a unique name.

For example, Mirket Challenge Rule.

Response Packet Type

Set to Access Challenge.

Attribute Criteria

Set the following attribute criteria:

  • RADIUS Attribute – Set to Reply-Message (18)

  • Operand – Set to matches the expression

  • Value – Leave blank.

Then take action

Set to show Generic Login page

  • On the Ivanti Connect Secure admin portal, navigate to Users > User Realms.

  • Click the New User Realm link and set the following configurations.

Name

Enter a Unique name.

For example, Mirket-RADIUS.

Authentication

Set to Mirket.

User/Directory Attribute

Set to Same as Above.

Accounting

Set to None.

Device Attributes

Set to None.

  • Save your changes.

  • Optional. Navigate to Role Mapping from the top menu, click New Rule and set the following configurations.

    Rule based on

    Set to Username.

    Name

    Enter a unique name.

    For example, Mirket-Mapping.

    Rule: if username

    Set to is and type required usernames or use the wildcard character *.

    then assign these roles

    Select the roles to assign.

  • Save your changes

  • Navigate to Authentication > Signing In > Sign-in Policies.

  • Click the link for the sign-in policy that you want to modify

  • In the Authentication realm section, choose User picks from a list of authentication realms. Then, in the Available realms box on the left, select the user realm you just configured and click Add to move it to the Selected realms box on the right.

  • Save your changes.

hashtag
Configure Mirket

hashtag
Add Ivanti Pulse Connect as a Radius Client in Mirket

Before starting, ensure that you have installed Mirket Radius Gateway from the Configuration > Gateway. To add a Radius Gateway to the Mirket, follow these steps:

  • Go to Configuration > Gateway and click on the Add Radius Gateway button.

  • On the displayed screen, enter a name for your Radius Gateway in the Name field.

  • Enter the SAM value of the gateway in the Sam Value field. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls.

  • Enter the IP address of the server where the gateway is installed in the Host IP Address field.

  • Enter the authentication port value you set for the gateway in the Auth Port field. The default value is 1812.

  • Enter the accounting port value you specified for the gateway in the Acc Port field. The default value is 1813. Note: After completing these fields, you must create a RADIUS client for the newly created RADIUS Gateway.

  • Click on the Add Radius Client option at the bottom of the displayed screen.

  • Enter a name for your Radius Client in the Radius Client field.

  • Enter the IP address of the Ivanti Pulse Connect that will communicate with the gateway in the IP Address field.

  • Enter the secret key that the client will communicate with the gateway in the Secret Key field.

  • Click on the Save button to confirm the settings.

hashtag
Configuring Radius Gateway

  • After creating the Radius Gateway, click on the Download > Config from the menu on the right side of the gateway.

  • This option will generate a script related to the gateway, which will be displayed from the RADIUS Setup config file. The config file will automatically begin downloading once this option is selected.

  • Replace the existing config file in the "C:\MirketRadius" directory with the downloaded file. Alternatively, copy the displayed script and paste it into the config file in "C:\MirketRadius".

  • Then, restart the Mirket Radius Service.

You can check whether the Radius Gateway you created is active by navigating to Configuration > Gateway.

hashtag
User and Group configuration on Mirket

To set up multifactor authentication, make sure you have at least one user or group in Mirket.

If it is preferred to use a local user, you can first create a local group and then create a local user and make the user a member of the group. Alternatively, you can create a local user without creating a local group.

If it is preferred to use LDAP users, the priority External Source is created by pulling users from Active Directory or OpenLDAP in Mirket. Note: Before proceeding, ensure that you have installed Mirket LDAP Gateway. (Refer to create LDAP Gateway.)

hashtag
Add a Radius Rule to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP, etc.).

First, you should follow these steps:

  • Go to Configuration > Radius Rules.

  • Click on the Add Radius Rule button.

  • On the displayed screen, enter a name for the rule in the Name field.

  • Enter the rule description in the Description field.

  • Select the Radius Client to which the rule will apply from the Radius Client dropdown list.

  • Enter the source IP addresses to which the rule will apply in the Source Adress field.

  • Select the source countries where the rule will be applied from the Source Country dropdown list.

  • Click on the Next button.

  • Specify whether the rule will be applied to a user or a group.

  • After specifying, click on the Next button.

  • Select the users or groups to which the rule will apply. Transfer your selections to the Selected Users/Groups table by clicking the arrow icon next to the Available Users/Groups table.

  • Click on the Next button.

  • Select the time period when the rule will run.

    • All: The rule will run every day.

    • Recurring: The rule will run on the specified days and times.

    • One Time: The rule will run within the date range you specify.

  • After selecting, click on the Next button.

  • Specify whether the user or group will be granted access based on the rule in the Action field.

  • Select the authentication provider to which the rule will apply from the Auth Method dropdown list.

  • Click on Save to confirm the settings.

hashtag
Test the Integration

To validate the integration between Mirket MFA and your Pulse Secure, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.

In this example, we illustrate the use of the Approve/Deny authentication method.

  • Launch Pulse Secure Connect.

  • Enter your Mirket username and your password.

  • Click on Connect. Then, select the 'Approve' option(found in the Mirket mobile app) immediately and make sure it doesn't time out.

hashtag
Related Topics

Radius Clients

Radius Rules

Local Group Configuration

Local Users Configuration

LDAP Group Configuration

LDAP Users

PreviousF5 integrationNextPalo Alto MFA for admin accounts

Last updated