The reason string for denying access and the prompt users get will be different depending on whether Host Checker is being enforced at the realm or at the role level. In both cases, authentication types that require username and password are affected and the user will be denied access.
If Host Checker is configured on the realm and is set to Require and Enforce then the end-user will immediately fail Host Checker compliance upon connecting with the following prompt:
You do not have permission to login
If Host Checker is only being evaluated at the realm level but is enforced on one or more roles with the option set to Allow users whose workstations meet the requirements specified by these Host Checker policies
then once the user enters their username/password they will fail Host Checker compliance with the following prompt:
Host Checker is supported only with Pulse Secure client
This issue occurs when all of the following conditions are met:
- Host checker is enforced on the realm or role.
- The authentication type for the realm requires username/password entry.
- User connects using Pulse Mobile for iOS 6.5.1
This issue does not apply to the following:
- Authentication realm is configured with certificate authentication with or without Host Checker enabled.
- Host Checker is disabled on both the realm and role.
- Host Checker is configured to evaluate on the realm and is not enforced on the realm or role.
- Pulse Mobile for iOS versions 6.5.0 and below are not impacted.