Secure it as you would any sensitive credential. The security of your Duo application is tied to the security of your secret key (skey).
#Duo admin login page download#
Download the DigiCert SHA2 High Assurance Server CA and DigiCert TLS RSA SHA256 2020 CA1 certificates from the DigiCert site for installation on your device.You will need to upload this to your Pulse SSL VPN. This file is customized for your account and has your Duo account ID appended to the file name (after the version).
#Duo admin login page zip file#
Download the Duo Juniper 8.x package zip file for your device's firmware version from the Duo Admin Panel (even for Pulse v9.x devices).Note that as of September 7, 2023, you cannot create new applications of this type. Find your existing Juniper SSL VPN application and click to view the application details.Log in to the Duo Admin Panel and navigate to Applications.You should also have a working primary authentication configuration for your SSL VPN users, e.g. Log on to your Pulse administrator interface and verify that your firmware is version 8.3, 9.0, or later. Make sure that Duo is compatible with your Pulse Secure Access SSL VPN.
#Duo admin login page how to#
First Stepsīefore moving on to the deployment steps, it's a good idea to familiarize yourself with Duo administration concepts and features like options for applications, available methods for enrolling Duo users, and Duo policy settings and how to apply them. See Duo Knowledge Base article 7546 for additional guidance. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.Įffective June 30, 2023, Duo no longer supports TLS 1.0 or 1.1 connections or insecure TLS/SSL cipher suites. This application communicates with Duo's service on SSL TCP port 636.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. If you are still running Juniper v8.2 or lower firmware, please see the Juniper SSL VPN instructions.
This also supports integrating Duo into a single Pulse sign-in URL with multiple authentication realms. The Pulse/Ivanti Connect Secure RADIUS configuration does not feature the interactive Duo Prompt for web-based logins, but that configuration does capture client IP information for use with Duo policies, such as geolocation and authorized networks, and offers configurable fail mode. This integration expressly supports Juniper/Pulse SSL VPN and is not guaranteed to work with any other VPN solution (including Ivanti-branded Pulse system software). There is no configurable fail mode for LDAPS connections, so if your device cannot contact Duo's service your users won't be able to log in with Duo. LDAPS authentications do not report a client IP address when the Pulse VPN client is used. Your device makes a direct connection to Duo's cloud service using LDAPS.
This Pulse Connect Secure SSL VPN configuration supports inline self-service enrollment and the Duo Prompt for web-based VPN logins, and push, phone call, or passcode authentication for Pulse desktop and mobile client connections that use SSL encryption. These instructions remain available for reconfiguring your existing application. Please visit the article Guide to end of life for the Duo LDAP cloud service (LDAPS) used to provide 2FA for Cisco ASA, Juniper Networks Secure Access, and Pulse Secure Connect Secure SSL VPN for further details, and review the Duo End of Sale, Last Date of Support, and End of Life Policy. See the "Related" links to the left to explore more RADIUS configurations. We recommend you deploy Duo Single Sign-On for Ivanti Connect Secure to protect Pulse Connect Secure SSL VPN with Duo Single Sign-On, our cloud-hosted identity provider featuring Duo Central and the Duo Universal Prompt.Īnother alternative to direct LDAPS connections is adding Duo authentication to Pulse Connect Secure SSL VPN using RADIUS and the Duo Authentication Proxy, for example, RADIUS with Automatic Push for Pulse Connect Secure SSL VPN. Customers may not create new Juniper SSL VPN (used with Pulse VPN) applications after September 7, 2023. Direct LDAP connectivity to Duo for Pulse Connect Secure SSL VPN will reach end of life on March 30, 2024.
0 kommentar(er)
