


KB44882 - AAA/Pulse: SAML login fails for macOS endpoints after enabling conditional access in Azure



Last Modified Date: 9/23/2021 11:15 PM
This article outlines a potential issue when using conditional access in Azure.
Problem or Goal
After the Azure team has enabled conditional access, users are no longer able to log in to Pulse Connect Secure (PCS) or Pulse Policy Secure (PPS) using the Pulse client with the embedded browser enabled from a properly enrolled system.
When viewing the logs in Azure, the reason shown is that there was no device ID found.
When the user logs in from the same endpoint using a supported browser, the authentication completes successfully.

The Pulse Secure development team is investigating a solution to allow the standard embedded browser to query for the device ID successfully and submit it to Azure during the login process. This fix is currently targeted for the next major release of the Pulse client.

For immediate relief, the option "Enable FIDO2 U2F for SAML Authentication" can be enabled on the connection set (Users > Pulse Secure Client > Connections > connectionSetName). This downloads the Chromium Embedded Framework (CEF) to the endpoint for the Pulse client to use as the rendering engine.

Created By: Nick Christen


