Ivanti Pulse Connect 9.1 - RADIUS with AM Configuration - SecurID Access Implementation Guide
Originally Published: 2021-10-01


This section describes how to integrate Ivanti Pulse Connect with SecurID Authentication Manager using RADIUS.

Architecture Diagram

[Figure: architecture diagram]

 

Configure SecurID Authentication Manager

To configure your SecurID Authentication Manager for use with a RADIUS Agent, you must configure a RADIUS client and a corresponding agent host record in the Authentication Manager Security Console.

The relationship of agent host record to RADIUS client in the Authentication Manager can be 1 to 1, 1 to many, or 1 to all (global).

SecurID Authentication Manager listens on ports UDP 1645 and UDP 1812.

  1. Sign into the SecurID Authentication Manager Security Console.

  2. Browse to Authentication Clients > RADIUS > RADIUS Client > Add New and enter the Name, IP Address and Shared Secret.

    1. Enter a Client Name.

    2. Enter IPv4 Address. This is the IP of the Pulse Connect user Login Server. See below.

    3. Enter Make/Model. Choose - Standard Radius -.

    4. Enter Shared Secret. This is the Shared Secret for the SecurID RADIUS client. Note it, as it will be used in the Pulse Connect RADIUS configuration below.

    5. Save & Create Associated SecurID Agent.

  3. Get the IP or Hostname for the RADIUS Server. Browse to RADIUS > RADIUS Servers and note the Server Name or IP Address. This will be used in the Pulse Connect configuration below.

  4. Click Publish when all changes have been finalized.

 

Configure Ivanti Pulse Connect

Perform these steps to configure Ivanti Pulse Connect as a RADIUS client to SecurID Authentication Manager.

Procedure

  1. Sign into the Pulse Connect Administration Console.

  2. Create a Pulse Connect Authentication Server for RADIUS. Browse to Authentication > Auth. Servers.

    Select RADIUS Server from the server type drop-down menu and click on New Server.

    1. Enter the Name for this Authentication Server.

    2. Enter Radius Server. This is the IP or Hostname for the RADIUS Server found above.

    3. Enter Shared Secret. This is the Shared Secret for the SecurID RADIUS client created above.

    4. Enter Timeout. The default value is 30 seconds, which may be insufficient for MFA. Increase this value if necessary.

    5. Enter Backup Server. Enter Backup Server information if you have more than one SecurID Authentication Manager RADIUS server.

    6. Save Changes.

  3. Create a User Realm.

      1. Browse to Users -> User Realms.

      2. Click on New.

      3. Enter a Name for your User Realm.

      4. Set Authentication. Choose the appropriate Authentication Server, created in step 2, from the dropdown list.

      5. Save Changes.

      6. Select the Role Mapping tab and click on New Rule... to create the rule you need to further restrict access based on your requirements, e.g. user name is * to match all user IDs. Make sure to add a Role to the Rule. Users is the default system Role of all users. Click on Save Changes.


     

  4. Create a Sign-in Policy.

      1. Browse to Authentication -> Signing-In -> Sign-in Policies.

      2. Click on New URL....

      3. Select User type. Typically Users.

      4. Set Sign-in URL. This is the URL for the given Secure Access Service.

      5. Select the associated Realm and click Add. Realm created in Step 4.

      6. Save Changes.


     

 

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the RADIUS configuration to your use case.