Integration Guide for Pulse Secure with GreenRADIUS 2FA

Before starting, ensure GreenRADIUS is configured correctly to communicate with the local Active Directory or LDAP domain, as well as with the validation service (either local validation or the YubiCloud).

Configuring GreenRADIUS for Pulse Secure

In the GreenRADIUS web admin interface, add Pulse Secure as a RADIUS client.

  1. Click the Global Configuration tab
  2. Click the Client-based Authentication Policies icon
  3. Enter the IP address of Pulse Secure. Then enter the same RADIUS secret twice. Then click the Add button.

RADIUS Client Configuration

Pulse Secure Configuration

Add GreenRADIUS as a RADIUS Server

Befotre starting, ensure that network, interfaces, and client profiles are configured correctly.

  1. Log into the Pulse Secure Administrator Sign-In Page.
  2. Open the "Authentication" tab and select "Auth. Servers."
  3. Locate "RADIUS Server" and choose "New Server..."

RADIUS Server Configuration

  1. Configure the following fields
    • Name: GreenRADIUS
    • RADIUS Server: your_greenradius_ip
    • Authentication Port: 1812
    • Shared Secret: The same Client Secret configured under RADIUS Clients in GreenRADIUS

RADIUS Server Configuration

  1. Click "Save Changes" at the bottom
  2. Navigate to Users> User Realms
  3. Select your Authentication Realm (default "Users").
  4. Change the authentication server to GreenRADIUS or add an Additional Authentication Server.

RADIUS Server Configuration

  1. Choose "Save Changes."

Pulse Secure Prompt for Token (Optional)

By default, users submit their token OTPs (one-time passcodes) by appending them to their passwords in the password field. If desired, a separate OTP field can be used to submit OTPs instead of appending them to passwords. To configure this, follow the steps below.

  1. Enable "Prompt For OTP (RADIUS only)" in GreenRADIUS in the Global Configuration tab > General

New user group

  1. Choose "Save."
  2. In Pulse Secure, navigate to Authentication > Auth. Servers
  3. Open GreenRADIUS server settings
  4. Create a new custom RADIUS rule

New user group

  1. Configure the following fields: Name: OTP prompt Reply-Message(18) > matches the expression > Please provide OTP > choose Add Then take action > show Next Token page

New User Group

  1. Click "Save Changes"

A dedicated token page will appear after the usual user login:

New IPsec tunnel

Web Analytics Made Easy - StatCounter

Updated 2025-10-30
© 2025 Green Rocket Security Inc. All rights reserved.