Introduction
The purpose of this document is to provide a configuration guideline on how to implement Mideye two-factor authentication for Pulse Connect Secure.
Requirements
A Mideye Server (any release). If there is a firewall between the Pulse Connect Secure and the Mideye Server, it must be open for two-way RADIUS traffic (UDP, standard port 1812). Pulse Connect Secure acts as a RADIUS client towards the Mideye Server, so it must be defined as a RADIUS client on the Mideye Server. Refer to the Configuration guide for information on how to define a new RADIUS client.
Prerequisites
This guide requires an already functioning Pulse Connect Secure environment.
Integration steps
Log in to Pulse Connect Secure using the admin page https://FQDN/admin.
Create a new authentication server
Navigate to “Authentication” followed by “Auth.Servers”. Select “RADIUS Server” in the dropdown list and select “New Server…”
Name: Give the authentication server a friendly name.
NAS-Identifier: Leave blank.
RADIUS Server: Enter the IP or hostname of the Mideye RADIUS Server.
Authentication port: Default value is UDP/1812.
Shared Secret: Enter a shared secret. It must be identical on the Pulse Connect Secure and on the RADIUS client defined for it on the Mideye Server.
Accounting: Leave as default.
Timeout: Set the timeout to 35 seconds. This is mandatory, so that any fallback method has enough time to finish before timing out.
Retries: Set to 0.
Under “Custom Radius Rules”, click “New RADIUS Rule.”
Name: Name the rule “Access Reject”
Response Packet Type: Access Reject
Attribute criteria: Radius Attribute; Reply-Message (18), matches the expression; Add (.*) to value field; Click “Add”.
Select “Show user login page with error message” –> “Show Reply-Messages attribute from the RADIUS server to the user”
Click “Save Changes”.
Again, click “New RADIUS Rule”
Name: Name the rule “Access Challenge”
Response Packet Type: Access Challenge
Attribute criteria: Radius Attribute; Reply-Message (18), matches the expression; Add (.*) to value field; Click “Add”.
Select “Show Generic Login page”
Click “Save Changes”.
Click “Save Changes” to save the authentication server.
Apply the authentication server to a user realm
Navigate to “Users” –> “User realm” and select the realm that should be protected using Mideye authentication. Add the created RADIUS server and click “Save Changes”.
Troubleshooting
Check RADIUS-logs
Check if anything is written to the Mideye RADIUS logs:
Mideye Server\log\radius-messages.log
If nothing is logged, verify that UDP/1812 is allowed between your Pulse Connect Secure and the Mideye Server.
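To tell a firewall problem from a Pulse Connect Secure configuration problem, the same RADIUS exchange can be reproduced from a test host. The following is an added example, not code from Mideye or Pulse Secure: it builds a PAP Access-Request, then parses the reply for the packet type and the Reply-Message (18) attribute that the custom RADIUS rules above match on, and verifies the Response Authenticator against the shared secret. It assumes the test host is defined as a RADIUS client on the Mideye Server and that the server accepts an Access-Request without a Message-Authenticator attribute; the function names and the probe() parameters are hypothetical.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide User-Password as in RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    padded = password.ljust(-(-max(len(password), 1) // 16) * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    """Access-Request (code 1) with User-Name (1) and User-Password (2); all arguments are bytes."""
    attrs = b""
    for atype, value in ((1, user), (2, encrypt_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_response(data, secret, request_authenticator):
    """Return (packet type, [Reply-Message texts], response_authenticator_ok)."""
    if len(data) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= len(data):
        raise ValueError("bad RADIUS length field")
    data = data[:length]
    expected = hashlib.md5(data[:4] + request_authenticator + data[20:] + secret).digest()
    replies, pos = [], 20
    while pos + 2 <= length:
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == 18:  # Reply-Message, the attribute the custom rules match with (.*)
            replies.append(data[pos + 2:pos + alen].decode("utf-8", "replace"))
        pos += alen
    return CODES.get(code, f"code {code}"), replies, hmac.compare_digest(expected, data[4:20])

def probe(host, user, password, secret, port=1812, timeout=35):
    """Send one Access-Request with no retries; socket.timeout means no reply arrived."""
    auth = os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_access_request(user, password, secret, 1, auth), (host, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data, secret, auth)
```

A timeout with nothing written to radius-messages.log points at the network path, while a reply whose authenticator check returns False points at a shared secret mismatch.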
Contact Mideye support
For further support please contact Mideye support, support@mideye.com, +46854514750.