KB44882 - AAA/Pulse: SAML login fails for macOS endpoints after enabling conditional access in Azure

Printable View

« Go Back

Information

Last Modified Date	9/23/2021 11:15 PM

Synopsis

This article outlines a potential issue when using conditional access in Azure

Problem or Goal

After the Azure team has enabled conditional access, users with the Pulse client are no longer able to login to the Pulse Connect Secure (PCS) or Pulse Policy Secure (PPS) using the Pulse client with embedded browser enabled from a properly enrolled system
When viewing the logs in Azure, the reason shown is that there as no device ID found
When the user logs in from the same endpoint using a supported browser, the authentication completes successfully

Cause

Solution

The Pulse Secure development team is investigating a solution to allow the standard embedded browser to query for the device ID successfully and submit it to Azure during the login process. This fix is currently targeted for teh next major release of the Pulse client.

For immediate relief, the option Enable FIDO2 U2F for SAML Authentication can be enabled on the connection set (Users>Pulse Secure Client>Connections>connectionSetName). This downloads the Chromium Embedded Framework (CEF) to the endpoint for the Pulse client to use as the rendering engine.

Related Articles

KB44882 - AAA/Pulse: SAML login fails for macOS endpoints after enabling conditional access in Azure

Information

Feedback

Was this article helpful?