Use Cases

Configuring SAML integration with PingFederate in Pulse Connect Secure

Steps

  1. In the Pulse Connect Secure administrative interface, go to System > Configuration > SAML.

    Screen capture of the Pulse Secure administrative console with the System tab selected.

  2. Click New Metadata Provider.

  3. Configure the new metadata provider:

    1. In the Name field, enter a name.

    2. In the Location field, select Local.

    3. In the Upload Metadata File field, click Browse and import the metadata file you saved in Configuring SSO for GlobalProtect VPN with PingFederate

    4. In the Signing Certificate field, click Browse and select the certificate file you saved in the previous topic Exporting the signing certificate from PingFederate.

    5. In the Roles field, select the Identity Provider checkbox.

    6. Click Save Changes.

      Screen capture of the Pulse Secure administrative console with the New Metadata Provider configuration fields displaying.

  4. In the Pulse Connect Secure administrative interface, go to Authentication > Auth Servers.

    Screen capture of the Pulse Secure administrative console with the Authentication > Auth Servers screen displaying.

  5. In the list, select SAML Server and then click New Server.

    Screen capture of the Server Type list with the SAML Server highlighted in blue.

  6. Configure the new server:

    1. Enter a Server Name.

    2. For SAML Version, click 2.0.

    3. For Configuration Mode, click Metadata.

    4. In the Identity Provider Entity ID list, select the identity provider (IdP) that you created in the previous steps.

    5. In the Identity Provider Single Sign On Service URL list, select the appropriate SSO URL.

      Screen capture of the Pulse Secure administrative console with the New Server configuration page showing the Settings section.

    6. In the SSO Method section, click POST.

    7. In the Select Certificate list, select the signing certificate you created previously.

    8. In the Metadata Validity field, enter any non-zero value.

      You must populate the Metadata Validity field even though it won’t be used.

    9. Select the Do Not Publish Connect Secure Metadata checkbox.

    10. Click Save Changes.

      Screen capture of the Pulse Secure administrative console with the New Server configuration page showing the SSO Method, Service Provider Metadata Settings, and User Record Synchronization sections.

    11. Click Download Metadata and save the file.

    12. In the Pulse Connect Secure administrative interface, go to Users > User Realms.

      Screen capture of the Pulse Secure interface with the User Realms page displaying.

    13. Select the authentication realm for your user population.

      Screen capture of the User Authentication Realms page of Pulse Secure.

    14. In the Authentication list, select the IdP that you configured.

      Screen capture of the General tab of the User Realms section of the Pulse Secure console.

    15. Click Save Changes.