Ivanti Pulse Connect 9.1 - Relying Party Configuration - SecurID Access Implementation Guide
Originally Published: 2021-10-01

This section describes how to integrate SecurID Access with Ivanti Pulse Connect using a relying party. The relying party integration uses SAML 2.0, with SecurID Access acting as the SAML Identity Provider (IdP) and Ivanti Pulse Connect as the SAML Service Provider (SP).

[Figure: Architecture Diagram]

Configure SecurID Cloud Authentication Service

Perform these steps to configure SecurID Access Cloud Authentication Service as a relying party SAML IdP to Ivanti Pulse Connect.

 

Procedure

  1. Sign in to the SecurID Cloud Administration Console, browse to Authentication Clients > Relying Parties, and click Add a Relying Party at the top right.

  2. For each section, enter the required Relying Party information.

    1. Basic Information: Name for the Relying Party Authentication Client.

    2. Authentication: 

      1. Authentication Details: Choose RSA SecurID manages all authentication.

      2. Primary Authentication Method: Choose the appropriate method. Note that you cannot choose Determined by Service Provider at Run Time.

      3. Select the appropriate Access Policy For Additional Authentication based on your use case.

    3. Connection Profile.

      1. Assertion Consumer Service (ACS) URL: Enter the value obtained from the Pulse Connect Auth. Server configuration below.

      2. Service Provider Entity ID: Enter the Connect Secure Entity Id value obtained from the Pulse Connect Auth. Server configuration below.

      3. Under Message Protection, click Download Certificate. This Identity Provider Certificate will be used in the Pulse Connect Auth. Server configuration below.

      4. Under Advanced Configuration, note the Entity ID for the Identity Provider. This will be used in the Pulse Connect configuration below.

    4. Click Save and Finish.

    5. Click Publish Changes in the upper left-hand side of the Administrator console when all changes have been finalized. Note that if you make additional changes, you will have to re-publish.

       

Configure Ivanti Pulse Connect

Perform these steps to configure Ivanti Pulse Connect as a Relying Party SAML SP to SecurID Cloud Authentication Service.

Procedure

  1. Log in to the Pulse Connect Secure Administrator page.

  2. Ensure the FQDN is configured for SAML.

      1. Browse to System -> Configuration -> SAML.

      2. Click on Settings.

      3. Review/Update the FQDN for SAML.

      4. Save Changes.

      5. Click on Update Entity ID's.

  3. Create an Authentication Server for SAML. 

      1. Browse to Authentication -> Auth. Servers.

      2. At New, select SAML Server as the server type and click New Server....

      3. Set Server Name.

      4. Set SAML Version to 2.0.

      5. Note the Connect Secure Entity Id. This URL will change for each SAML Auth. Server. This value is used in the configuration of the SecurID connector above.

      6. Set the Identity Provider Id from the Entity ID for the Identity Provider above.

      7. Set the Identity Provider Single Sign On Service URL from the Entity ID for the Identity Provider above.

      8. Upload Certificate: Browse to and open the Identity Provider Certificate downloaded above.

      9. Set Metadata Validity to a reasonable value for your use case.

      10. Save and Close.

  4. Create a User Realm.

      1. Browse to Users -> User Realms.

      2. Click on New.

      3. Enter a unique Name.

      4. Set Authentication. Choose the appropriate Authentication Server created in Step 3 from the drop-down list.

      5. Save Changes.

      6. Select the Role Mapping tab and click New Rule... to create rules as needed to further restrict access based on your requirements, e.g. user name is * to match all user ids. Make sure to add a Role to the Rule. Users is the default system Role of all users. Click Save Changes.

  5. Create a Sign-in Policy.

      1. Browse to Authentication -> Signing-In -> Sign-in Policies.

      2. Click on New URL....

      3. Select User type based on your.

      4. Set Sign-in URL. This is the URL for the given Secure Access Service.

      5. Select the associated Realm and click Add.

      6. Save Changes.
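
A pre-flight check for the values exchanged between the two consoles in the procedures above, as an added example that is not part of the original guide or either vendor's tooling. It assumes the SP metadata XML has been exported from the Pulse Connect SAML Auth. Server; the sample metadata, host name and URL paths are constructed placeholders, and `check_relying_party` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

# Constructed SP metadata; parse only files exported from your own appliance.
SAMPLE_SP_METADATA = """<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://vpn.example.com/sp-entity-placeholder"
    validUntil="2031-01-01T00:00:00Z">
  <SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vpn.example.com/acs-placeholder"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def check_relying_party(sp_xml, rp_entity_id, rp_acs_url, saml_fqdn, now=None):
    """Compare SP metadata with the SecurID relying party entry; list problems."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(sp_xml)
    problems = []
    entity_id = root.get("entityID", "")
    if entity_id != rp_entity_id:  # entity IDs must match character for character
        problems.append(f"Service Provider Entity ID mismatch: SP has {entity_id!r}")
    acs = [e.get("Location", "") for e in root.iter(MD + "AssertionConsumerService")]
    if rp_acs_url not in acs:
        problems.append(f"ACS URL {rp_acs_url!r} not published by SP: {acs}")
    # Assumption: entity ID and ACS URL are HTTPS URLs on the FQDN for SAML.
    for url in [entity_id, *acs]:
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"not HTTPS: {url!r}")
        if (parts.hostname or "").lower() != saml_fqdn.lower():
            problems.append(f"host differs from FQDN for SAML: {url!r}")
    valid_until = root.get("validUntil")  # driven by the Metadata Validity setting
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # treat a zone-less timestamp as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            problems.append(f"SP metadata expired at {valid_until}")
    return problems
```

An empty list means the Service Provider Entity ID and ACS URL entered in the SecurID Connection Profile agree with what the SP publishes.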


Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the Relying Party configuration to your chosen use case.