Pulse Secure Browser Release Notes & User Guide Product Release 1.0 Document Revision 4.0 Published Date March 2017
Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose CA 95134 https://www.pulsesecure.net Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Pulse Secure Browser Release Notes & User Guide The information in this document is current as of the date on the title page. END USER LICENSE AGREEMENT The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at https://www.pulsesecure.net By downloading, installing or using such software, you agree to the terms and conditions of that EULA. 2017 Pulse Secure, LLC. All rights reserved 2
Table of Contents Introduction...4 Supported Platforms...4 Known Issues...4 Launching Pulse Secure Browser...5 Supported Features...6 Tabbed Browsing...6 Navigation...6 URL History...6 Favorites/Bookmarks...7 User Created Bookmarks...7 System Defined Bookmarks...7 Downloads...8 Home Page...9 VPN Onboarding...9 VPN Connection...9 Supported Authentication...9 VPN Configuration...10 Split Tunneling Configuration...10 MIME Type Support...10 Support Information...11 Terms and Conditions...11 2017 Pulse Secure, LLC. All rights reserved 3
Introduction In order to use Per-app VPN for a browser-only access, customer admin will have to set up MDM and use the Pulse ios client. By using the light-weight Pulse Secure Browser app available on the ios Apple Store, the admin can avoid the need of having MDM setup. Pulse Secure Browser is a browser with a built-in L4 VPN tunnel that provides secure access to intranet resources. It can run with or without a VPN tunnel; accordingly, the intranet resources are accessed through the split tunneling. Pulse Secure Browser is designed to work as a standalone browser and it does not include any special integration with Pulse Connect Secure. Supported Platforms Pulse Secure Browser app is tested on the following platform: Platform Qualified Compatible ios 9.3.5 10.1.1 9.x 10.x Known Issues This release of Pulse Secure Browser has the following known issues: PR No. PSBIOS-10 Issue Description Occasionally Pulse Secure Browser page freezes while accessing Role bookmarks. Workaround: Click on the address bar and reload the page using keypad Go button. PSBIOS-46 Occasionally the Cancel button does not appear on the VPN page. Workaround: Restart the app. PSBIOS-61 Enabling split keyboard in Zoomed view overlaps the Pulse Secure Browser login screen. Workaround: none PSBIOS-73 Intermittent crashes observed on Pulse Secure Browser. Workaround: Restart the app. 2017 Pulse Secure, LLC. All rights reserved 4
Launching Pulse Secure Browser Pulse Secure Browser app is made available in the ios app store. Download the app on to the device. To launch Pulse Secure Browser: 1. Tap the Pulse Secure Browser icon. 2. In the Welcome screen, enter the corporate email or a valid VPN sign-in URL, and tap Submit. In the VPN screen, tap Login and then Connect. The list of Pulse Secure Browser supported features is displayed. Note: In the email-based authentication, once user enters email, client would parse domain and send it to a discovery server to fetch the VPN server URL Note: To use as a standalone browser, tap Cancel button in the Welcome screen. 3. If user want to use Pulse Connect Secure access, tap VPN Connection, enter user credentials in the Pulse Connect Secure screen and tap Sign In. 2017 Pulse Secure, LLC. All rights reserved 5
Supported Features Tabbed Browsing Tabbed browsing is supported for both iphone and ipad and includes both portrait and landscape orientation modes. Each tab contains a new instance of UIWebView, so the tabs are independent of each other. Navigation Pulse Secure Browser provides an address bar where a URL can be entered. The user can go back or forward in browsing history. Each tab has its own browsing history. The user can reload a URL in a tab. Note: The address bar does not include search function. URL History URL history is the list of URLs entered by a user in the address bar. This list is visible from the drop down attached to the address bar. Note: The browsing history is not maintained, so it is not available for user to view or delete. 2017 Pulse Secure, LLC. All rights reserved 6
Favorites/Bookmarks There are two types of bookmarks: User created (Custom Bookmarks) System defined/fetched from PCS server (Role Bookmarks) On the device, from the features list, tap Favorites. User Created Bookmarks The user created bookmarks can be edited and deleted. They are also not organized into any folder. System Defined Bookmarks The system defined bookmarks are of two types: Role bookmarks Custom bookmarks These bookmarks are accessed using plain bookmark URL. Hence, they use L4 VPN tunnel. These bookmarks are visible only after a successful VPN tunnel is established. They reside in a separate folder and cannot be edited or deleted. Note: There is no search feature for bookmarks. Bookmarks cannot be accessed using rewriter URL. 2017 Pulse Secure, LLC. All rights reserved 7
Downloads Pulse Secure Browser supports downloading the following MIME types/extensions: MIME Type application/pdf application/doc application/xls application/ppt application/vnd.openxmlformatsofficedocument.wordprocessingml.document application/vnd.openxmlformatsofficedocument.spreadsheetml.sheet application/vnd.openxmlformatsofficedocument.presentationml.presentation audio/mpeg video/mpeg application/zip application/vnd.ms-powerpoint image/jpeg application/txt application/png, image/png video/x-ms-wmv Extension.pdf.doc.xls.ppt.docx.xlsx.ppt.mp3,.mp4.mp3,.mp4,.avi.zip.pps.jpg.txt.png.wmv The downloaded files are stored in the Documents > Downloads folder of application sandbox. These files can be used across application launches. The download progress (calibrated by file size) is also visible to the user. If a download is aborted, it cannot be resumed. Downloads progress only when Pulse Secure Browser is in the foreground; incomplete downloads are aborted once Pulse Secure Browser moves to background. The downloaded files can be owned by the applications that support the file type using Open-In feature. The list of supported applications capable of opening the file is displayed to the user and user can choose one application. The user then flips to the target application. 2017 Pulse Secure, LLC. All rights reserved 8
Home Page User can set or reset a homepage URL. The homepage URL is automatically loaded in the first tab only. Subsequent tabs do not load the homepage. There are two ways to configure home page: User defined System defined/fetched from PCS server In case of system defined home page, user cannot set the homepage. Use the Settings option to set the home page. VPN Onboarding For the first time use, user can provide email address for onboarding. Pulse Secure Browser will fetch the PCS server URL from the Domain Discovery server. User can then configure VPN connection and connect. VPN Connection User can configure the VPN connection through email address or enter/edit the PCS server URL manually. Pulse Secure Browser can be configured with only one VPN connection. The VPN authentication UX is similar to the Pulse ios client. VPN connection can be connected or disconnected (logged out). Supported Authentication Pulse Secure Browser supports following authentication methods: Username/password SAML RSA token Note: Pulse Secure Browser does not support client certificate authentication. 2017 Pulse Secure, LLC. All rights reserved 9
VPN Configuration WSAM should be enabled on PCS server for the user/role for VPN tunneling to work. Split Tunneling Configuration To configure split tunneling: 1. Log in to PCS admin console. 2. Navigate to Users > User Roles > SAM. 3. Click Add Server and then add IP based WSAM destination servers that need to be L4 split tunneled. MIME Type Support The UIWebView used by Pulse Secure Browser has in-built support for a variety of MIME types. The list of document types supported is mentioned at: https://developer.apple.com/library/content/qa/qa1630/_index.html 2017 Pulse Secure, LLC. All rights reserved 10
Support Information From the list of Pulse Secure Browser features, tap Support. Terms and Conditions From the list of Pulse Secure Browser features, tap About. Then tap View Agreement. 2017 Pulse Secure, LLC. All rights reserved 11