Part 1 – Configuration on LastPass Dashboard
You can add PulseSecure as a web app.
- Open the LastPass Admin Dashboard. Select “Applications” from the left side menu and then select “Web App” from the submenu.
- Click on “+ Add SSO App” button from the upper right corner.
- A pop-up window will appear. Under the section: “Select your app”, click on “Search…” and type PulseSecure to search the LastPass Catalog. Select PulseSecure from the drop-down menu.
- Under the section: “Identity Provider”, you will find the required information such as “Entity ID”, “SSO End Point”, and “Logout URL”. Also, you can download the LastPass Metadata xml or Certificate file to your computer by clicking on the download arrow button next to “Metadata” or “Certificate”.
Part 2 – Configuration on PulseSecure
- Open a new tab on your browser and log into your PulseSecure admin account.
- Click on ”Auth. Servers” on the left- side of the menu.
- Click on “New Server“ to create a new “SAML server”.
- If “SA Entity Id” is empty, click on “SAML Setting“.
- Enter your domain in “Host FQQN For SAML” and “Save Changes”.
- Enter a new “Server Name“.
- Paste the “Entity ID” and “SSO End Point” info that you copied from LastPass admin dashboard into the “Identity Provider Entity Id“ “Identity Provider Single Sign-On Service URL”.
- Upload the certificate you downloaded from LastPass by clicking on “Choose File” and save the setting.
- Fill the “Allowed Clock Skew” and “Metadata Validity” section and save changes.
- Copy the “SA Entity Id”.
- Click “Save“.
- Go back to the PulseSecure Directory page. Add “LP SSO” into the “Authentication” field and “save changes“.
Part 3 – Finalizing SSO Configuration
- Go back to the browser tab where you have the LastPass Admin Dashboard open.
- Expand the “Service Provider” section and paste the “Entity ID” you copied from the PulseSecure website.
- Paste the following URL into the “ACS URL” text box:
https://(Your Domain or IP Address)/dana-na/auth/saml-consumer.cgi
The PulseSecure app is now configured! You can assign users to the PulseSecure.