SyferLock Help Center

Pulse Secure and SyferLock GridGuard Integration

Follow the standard GridGuard Install, Setup & Initial Configuration:

https://support.syferlock.com/hc/en-us/categories/200167323

Then:

On the SyferLock GridGuard Server (Virtual Appliance) Administration & Configuration Console:

Create a new ServiceProvider Definition called "PulseSecure":

  • Pulse Connect Secure requires an RSA IDP signing certificate. Make sure to use one when selecting the Signing Certificate.
  • On "Reference URLs", make note of the Metadata URL link
  • On SAML Configuration page, export the RSA IDP signing certificate you used above as SigningCert.pem

Navigate to the Pulse Connect Secure admin console.

Under System->Configuration->SAML

  • Click on Settings and verify the data, especially Host FQDN. Use the Fully Qualified Domain Name (FQDN), not the IP address. For example, gridguardLB01.mycompany.com instead of 10.2.2.1

Create a new Metadata Provider

  • Enter a Name
  • Location is "Remote"
  • Download URL is the Metadata URL from the GridGuard Server (Virtual Appliance)
  • Select "Accept Untrusted Server Certificate" and "Accept Unsigned Metadata" (GridGuard Metadata is unsigned)
  • Upload the Signing Certificate saved above (SigningCert.pem)
  • Check "Identity Provider" under Roles
  • Save Changes
  • This will return to SAML Configuration page, verify new Metadata Provider is listed
  • Select the Provider check box, and click Refresh - Status should update to "Success"
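
With "Accept Untrusted Server Certificate" and "Accept Unsigned Metadata" selected, nothing authenticates the metadata download, so it is worth comparing the signing certificate in the metadata with the SigningCert.pem exported from the GridGuard console, and confirming the SSO URL uses an FQDN rather than an IP address. The following is an added example, not SyferLock or Pulse Secure code; the function names and sample data are constructed for illustration, and it compares certificate bytes only (it does not parse X.509).

```python
import base64, hashlib, ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _sha256_b64(text):
    """SHA-256 over the bytes that a base64 certificate body decodes to."""
    return hashlib.sha256(base64.b64decode("".join(text.split()))).hexdigest()

def pem_fingerprint(pem):
    """Fingerprint of the certificate inside a PEM file such as SigningCert.pem."""
    return _sha256_b64("".join(l for l in pem.splitlines() if not l.startswith("-----")))

def check_idp_metadata(metadata, signing_cert_pem):
    """Return a list of problems; an empty list means every check passed."""
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        return ["metadata contains a DTD, refusing to parse it"]
    idp = ET.fromstring(metadata).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor in metadata"]
    problems, expected = [], pem_fingerprint(signing_cert_pem)
    found = {_sha256_b64(c.text or "")
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)}
    if found != {expected}:
        problems.append("signing certificate in metadata differs from SigningCert.pem")
    for sso in idp.findall("md:SingleSignOnService", NS):
        host = urlparse(sso.get("Location", "")).hostname or ""
        try:
            ipaddress.ip_address(host)
            problems.append("SSO URL uses an IP address, not an FQDN: " + host)
        except ValueError:
            pass  # not an IP literal, so it is a host name
    return problems

# Constructed sample data: placeholder bytes, not a real certificate.
_B64 = base64.b64encode(b"constructed placeholder certificate bytes").decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % _B64

def sample_metadata(host, cert_b64=_B64):
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://%s/idp">'
            '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
            'Location="https://%s/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>'
            % (NS["md"], NS["ds"], host, cert_b64, host)).encode()
```

To use it on a real deployment, pass the bytes of the metadata fetched from the Metadata URL and the text of SigningCert.pem to check_idp_metadata.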

Under Authentication->Auth. Servers

  • Select "SAML Server" as the Server Type and click New Server
  • Enter a Name
  • Configuration Mode is Metadata
  • Select Identity Provider Entity Id that matches the GridGuard Signing Certificate name
  • Verify Identity Provider Single Sign On Service URL is set
  • Make sure a certificate has been selected under "Select Device Certificate for Signing"
  • Ensure Metadata Validity is set
  • Save Changes
  • Download Metadata file. You will use this later.

Under Users->User Realms create a new Authentication Realm (or use default)

  • Authentication is set to SAML Authentication Server created above
  • Save Changes

This completes the Pulse Connect Secure side of the integration. 

Next, we will finalize the SyferLock GridGuard side of the integration.

Navigate back to the SyferLock GridGuard Administration & Configuration Console.

Go to the SAML configuration you created in the first steps. 

  • Import saved Metadata file and verify Entity ID, Certificate, and ACS URL have values.
  • Select the Signing Certificate
  • Select the Realm and Name Identifier
  • Apply Changes

This completes the SyferLock GridGuard configuration. 

Test the new integration by attempting to log in to Pulse Connect Secure using SAML authentication.
