Skip navigation
Documentation

Duo Two-Factor Authentication for Juniper Networks & Pulse Secure SSL VPN - FAQ

Last Updated: April 4th, 2024

Duo integrates with your Juniper Networks Secure Access or Pulse Secure Connect Secure SSL VPN to add two-factor authentication to any VPN login, complete with inline self-service enrollment and Duo Prompt.

Do you support Ivanti-branded Connect Secure VPN?

Yes, please see our Duo Single Sign-On for Ivanti Connect Secure for a SAML solution or Duo Two-Factor Authentication with RADIUS for Ivanti Secure Access SSL VPN for a RADIUS solution.

Can I use Universal Prompt with Juniper SSL VPN, Pulse Connect Secure VPN, or Ivanti Connect Secure?

Yes, via SAML 2.0 federation with Duo Single Sign-On. Please see the SAML configuration instructions for Ivanti Connect Secure. These same instructions may work with Juniper and Pulse firmware but we only test against Ivanti-branded firmware.

Do you support the Pulse Client?

Yes, our RADIUS and SAML configurations work with the Pulse client.

I'm seeing "You are not allowed to sign in. Please contact your administrator." during secondary authentication.

If you created a new Authentication Realm within your Juniper instead of using the default, make sure that you have assigned an appropriate "Role" to the new Realm for any users who will be using this Realm.

I received a message saying "Invalid Base DN or Filter" when I am adding the Duo LDAP Authentication Server.

This message can be ignored. You can safely click the Save anyway button and proceed with the application install instructions.

Why does a browser window open during Pulse client login to Connect Secure 8.2R2 and later?

Ensure that you did not check the "Use Custom Page for Pulse Desktop Client Logon" when uploading the Duo custom sign-in page. Navigate to AuthenticationSigning InSign-In Page and click the Duo sign-in page you uploaded earlier. If that option is selected, deselect it and save.

Why can my users no longer access file shares using SSO after enabling Duo?

You may need to adjust the SSO Resource Policy credentials settings. Log in to the Secure Access administration page, and navigate to Resource Policies > Files > Windows SSO.

Edit your existing Windows Credentials Policy (or create a new one). Modify the SSO Windows Credentials Policies Action settings as follows:

  • Click the radio button next to Use Specified Credentials....
  • Enter Domain<USERNAME> in the "Username" field.
  • Enter <PASSWORD> in the "Variable Password" field.

Save your changes to the policy.

Windows Credentials Policy

Additional Troubleshooting

Need more help? Try searching our Juniper Knowledge Base articles or Community discussions. For further assistance, contact Support.