Configuring SAML for Juniper Secure Access VPN


These steps will guide you through setting up the single sign-on functionality between OneLogin and Juniper Secure Access VPN.

Set up SSO in OneLogin:

  1. Go to Apps > Add Apps. 

  2. Search for Juniper SSL VPN and select it.

  3. Click Save to display additional configuration tabs.

  4. On the Configuration tab, enter your hostname and policy.

    1. Under Hostname, enter your Juniper SSL VPN / Pulse Connect Secure VPN hostname.

    2. Under Policy, enter the name of the policy. 

      Leaving the field blank results in the default policy being applied.

      Click Save.

  5. On the Parameters tab, map Juniper VPN user attributes to OneLogin attributes.04_PM.png

    Username maps to Username by default.

  6. On the SSO tab copy the SAML Endpoint (HTTP) and the Issuer URL.

    These will be entered into Juniper SSL VPN / Pulse Connect Secure VPN.

  7. Go to the SSO tab and click View Details to see the X.509 certificate.

  8. Select .PEM from the dropdown menu and click Download to get the certificate file.

  9. Under the Access Control tab choose which roles will have access to Juniper VPN.

Set up SSO in Juniper VPN:

  1. Log into the admin pages of the Juniper SSL VPN / Pulse Connect Secure VPN appliance.

  2. Go to Authentication > Auth Servers and add and configure a new SAML Server.

    juniper5.png

    1. Name your server and select SAML Version 2.0.

    2. For Identity Provider entity ID, enter your SAML Issuer URL.

    3. For Identity Provider Single Sign On Service URL, enter your SAML Endpoint (HTTP).

    4. For Allowed Clock Skew, insert 5.

    5. In the Metadata Validity section, enter 365 for days.

    6. Select Choose File to select and upload your X.509 certificate file.

    7. Click Save Changes.

  3. Go to Users > User Realms.

  4. Select the user realm for which you want to apply SAML sign on.

  5. In the Servers section, select OneLogin

  6. Click Save Changes.

Configure OneLogin

  1. Back in your OneLogin account, go to Settings > VPN.

  2. Select Enable SSL VPN, and then add your VPN Server URL and Gateway IP Addresses.

  3. Select the applications that you wish to access through your Juniper SSL VPN and then.

  4. Click Save.

Now when your users access these applications, they will authenticate through your configured Juniper SSL VPN / Pulse Connect Secure VPN.

Test SO

  1. Login to OneLogin.

  2. Make sure you are logged out of Juniper SSL VPN / Pulse Connect Secure VPN .

  3. Click the Juniper SSL VPN / Pulse Connect Secure VPN icon on your dashboard. This logs you into Juniper.

  4. Now you are done, and users will be able to launch the SSL VPN from OneLogin’s portal either directly or implicitly when launching another application that is located behind the corporate firewall.