Two-Factor Authentication for Pulse Connect Secure SSL VPN with Duo

( upbeat instrumental music) -[ Instructor] Hi, I’mMatt from Duo Security. In this video I’m going to show you how to protect your PulseConnect Secure SSL VPN with Duo. Be sure to reference the documentation for this configuration atduo.com/ docs/ pulseconnect. Before starting the setup process, make sure that Duo iscompatible with your Pulse VPN. Log on to your head network interface and verify that yourfirmware is version 8.2. In addition, you need to have a functional primary authentication configuration for your SSL VPN users, such as LDAP authenticationto active directory.( upbeat instrumental music) Log in to the Duo admin panel.( upbeat instrumental music) In the left side bar, click applications.Click Protect anapplication and type juniper in the search bar. Under the entry for Juniper SSL VPN, sound protect this application. Your integration key, secretkey, and API host name are provided at the topof the belongings page. You will be required these later during setup. Click the link to downloadthe Duo Juniper 8. x box. This record is customized for your account and has your Duo account IDappended to the file name. Note that Duo’s Juniper configuration is compatible with Pulse Connect Secure and you can change the displayname of this application at the bottom of the assets page.For easy reference, changethe list of this application to Pulse Connect Secure VPN.( upbeat instrumental music) Click save changes.( upbeat instrumental music) Now revise the sign in page. Log in to your Pulse Connect Secure administrator web interface.( upbeat instrumental music) In the top menu, navigateto authentication, signing in, sign in pages.( upbeat instrumental music) Click upload custom pages.( upbeat instrumental music) In the epithet field, kind Duo.Set page kind to Access.( upbeat instrumental music) Next to templates file, clink Browse and adopt the Duo Juniper zip file you downloaded from the admin committee. Do not adopt the use custom page for Pulse desktop client logon or inspire the secondary credentials on the second page options, if they are present. Check the bounce validationchecks during upload box. Click upload custom pages. You may reject any notifications that were presented. Next add the Duo LDAP server. Open a brand-new browser opening and steer to duo.com/ docs/ pulseconnect.( upbeat instrumental music) Scroll down to the Add theDuo LDAP Server section of the documentation. The report contains strings you cancopy from this section to induce setup easier.( upbeat instrumental music) In the top menu of youradministrator interface, navigate to authentication, auth servers.( upbeat instrumental music) In the auth server typelist, select LDAP server. Click new server.( upbeat instrumental music) In the identify battleground, kind Duo-LDAP.In the LDAP server battleground, enter your API hostname from your works properties page in the Duo admin panel.( upbeat instrumental music) Set the LDAP port to 636.( upbeat instrumental music) In the LDAP server typedrop down, select generic. Next to bond, clickthe radio button for LDAPS. In the authentication involved division, check the authenticationrequired to search LDAP box.( upbeat instrumental music) Copy the admin DN stringfrom the documentation page and paste it in the admin DN field in the Pulse Secure web interface.( upbeat instrumental music) Replace the integrationunderscore key variable with your integrating key.( upbeat instrumental music) Then print your confidential key and adhesive it in the password arena. In the finding user records division, copy the fibre you used inthe admin DN section above and adhesive it in the base DN field.( upbeat instrumental music) Then mimic the filter fromthe documentation page and paste it in the filterfield in the web interface.( upbeat instrumental music) Click save.( upbeat instrumental music) After you sounds save, youmight receive a theme indicating that the LDAPserver is unreachable.You can disregard this message. Now you need to configure a customer realm for the Duo LDAP server. To accomplish this, you cancreate a brand-new realm for testing, create a realm to graduallymigrate useds in these systems, or use the default users realm. For this video, we have already generated a Duo consumers group that we will configure to use Duo for secondary authentication. In your VPN interface, navigate to users, customer realms, and click the link for the user realm you want to add secondary authentication to. Under the additionalauthentication servers region, adopt the enable additionalauthentication server checkbox.( upbeat instrumental music) In the authentication number two land, adopt Duo-LDAP. Next to user name is, hand-picked the radio button for predefined as and register if it is not already present.( upbeat instrumental music) Next to password is, hand-picked the button for specified by user on sign in page.( upbeat instrumental music) Check the box for endsession if authentication against this server neglects.( upbeat instrumental music) Click save changes .( upbeat instrumental music) Click the authentication plan tab at the top of the pageand then click password.( upbeat instrumental music) In the options for the additional authentication server slouse, select allow all users. Click save changes.( upbeat instrumental music) To finish setting up your integrating, configure a sign in policyfor secondary authentication. In this precedent we will use the default asterisk slash URL policy, but you can set up a brand-new sign in policy at a usage URL like asteriskslash Duo-testing for testing. In the top menu, go to authentication, ratifying in, sign in plans.( upbeat instrumental music) Click the link for the sign in policy that you want to modify. In the sign in page schedule, hand-picked Duo.( upbeat instrumental music) In the authentication realm segment, adopt the radio button for used selects from a index of authentication realms. Choose the user realmyou configured earlier and click add.Make sure this is the only selected realm for this sign in page. Click save changes.( upbeat instrumental music) With everything configured, it is now time to test your setup. In your browser, navigate to the URL that you determined for your sign in policy.( upbeat instrumental music) After you accomplish primary authentication, the Duo Prompt sounds. Use this inspire, users can enroll in Duo or complete two-factor authentication. Since this user has alreadybeen enrolled in Duo, you can select send me a pushing, call me, or participate a passcode. Select send me a push tosend a Duo push notification to your smartphone.On your phone, open the notification, sound the light-green button toaccept, and you’re logged in. You have successfully set upDuo two-factor authentication for you Pulse Connect Secure VPN.( upbeat instrumental music ).

You May Also Like