Pulse Secure Client for Chrome OS

Similar documents
Pulse Secure Desktop Client

Pulse Mobile. Android for Work Guide. Product Release 5.1R3. Document Revision 1.0 Published:

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

Pulse Secure Desktop Client

Cloud Secure Integration with ADFS. Deployment Guide

PULSE CONNECT SECURE APPCONNECT

Table of Contents HOL-1757-MBL-6

Table of Contents. VMware AirWatch: Technology Partner Integration

Pulse Secure Mobile Android

Slack Cloud App SSO. Configuration Guide. Product Release Document Revisions Published Date

Pulse Secure Desktop Client

Installing and Configuring vcloud Connector

Pulse Secure Browser. Release Notes & User Guide

Pulse Secure Desktop Client

Pulse Secure Browser. Release Notes & User Guide

Pulse Workspace Appliance. Administration Guide

VMware Horizon Client for Chrome Installation and Setup Guide. 15 JUNE 2018 VMware Horizon Client for Chrome 4.8

Remote Support 19.1 Web Rep Console

Remote Support Web Rep Console

Pulse Secure Desktop Client

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Pulse Secure Desktop Client

Pulse Connect Secure. Network Connect and Windows Secure Access Manager (WSAM) Error Messages. Product Release 8.1

MyFloridaNet-2 (MFN-2) Remote Access VPN Reference Guide

Integrating AirWatch and VMware Identity Manager

Pulse Secure Mobile Android

AT&T Global Network Client for Mac User s Guide Version 2.0.0

Cloud Secure. Microsoft Office 365. Configuration Guide. Product Release Document Revisions Published Date

AT&T Global Network Client for Mac User s Guide Version 1.7.3

Pulse Secure Desktop Client

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager

Copyright NeoAccel Inc. SSL VPN-Plus TM. NeoAccel Management Console: Network Extension version 2.3

Android Rep Console

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Pulse Secure Desktop Client Supported Platforms Guide

Pulse Secure Desktop Client Supported Platforms Guide

Pulse Secure Desktop Client

The process of creating a Mobile Connect connection is slightly different depending on which type of SonicWall appliance you are connecting to.

Pulse Secure Mobile Android Release 6.3.0

Installing and Configuring vcloud Connector

VMware Identity Manager Administration

Pulse Secure Desktop Client

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

AT&T Global Network Client for Android

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

Table of Contents HOL-1757-MBL-5

Windows 8.1 and Windows 10 a) Connect to wireless network Click on the wireless icon in taskbar. Select detnsw and click on Connect.

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Pulse Secure Mobile Android Release 5.2R1

Pulse Secure Desktop Client

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

Pulse Secure Mobile Client

Pulse Secure Client for Linux

Pulse Secure Client Linux Quick Start Guide

DSS User Guide. End User Guide. - i -

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

Pulse Secure Desktop Client Release Notes

Using Secure Mobile Access Connect Agents

ActivIdentity 4TRESS AAA Web Tokens and F5 BIG-IP Access Policy Manager. Integration Handbook

VPN Installation Quick Setup Guide

APSCN VPN SETUP F5 VPN October Update

Parallels Remote Application Server

AWS Remote Access VPC Bundle

Dell EMC OpenManage Mobile. Version User s Guide (Android)

Citrix Access Gateway Implementation Guide

UNT System Campus VPN Guide

Junos Pulse Secure Access Service Release Notes

New in Release: Secomea Release 8.0. This document shows the changes from release 7.4 to release 8.0. Version: 1.5, 2018

NetExtender for SSL-VPN

owncloud Android App Manual

VMware AirWatch: Directory and Certificate Authority

Sync User Guide. Powered by Axient Anchor

Barracuda Networks NG Firewall 7.0.0

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Parallels Remote Application Server

VMware Horizon Client for Chrome OS User Guide. 04 JAN 2018 VMware Horizon Client for Chrome OS 4.7

Appserv Internal Desktop Access Mac OS Device with Safari Browser. Enter your Appserv username and password to sign in to the Website

Setting Up Resources in VMware Identity Manager

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Enter your Appserv username and password to sign in to the Website

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

Integration Guide. LoginTC

Five9 Plus Adapter for Agent Desktop Toolkit

Quick Start Guide for the Cisco Unity Connection Web Inbox (Release 11.x)

Device LinkUP + VIN. Service + Desktop LP Guide RDP

STRS OHIO Telework F5 BIG-IP Edge Client for Mac Systems (Imac, Air, Macbook, Mini) User Guide

Using the Terminal Services Gateway Lesson 10

CRYPTOCard BlackBerry Token Implementation Guide

TSS-7/TSS-10 7" and 10.1" Room Scheduling Touch Screens

Comodo IT and Security Manager Software Version 5.4

GRS Enterprise Synchronization Tool

Managing the VPN Client

Symantec Mobile Management for Configuration Manager 7.2 MR1 Release Notes

Novell Access Manager

owncloud Android App Manual

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

Kerio VPN Client. User Guide. Kerio Technologies

Transcription:

Pulse Secure Client for Chrome OS Quick Start Guide Published March, 2018 Release 5.2r1 Version 1.6 2018 by Pulse Secure, LLC. All rights reserved 1

Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 http://www.pulsesecure.net 2018 by Pulse Secure, LLC. All rights reserved Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Pulse Secure Client for Chrome OS Quick Start Guide The information in this document is current as of the date on the title page. END USER LICENSE AGREEMENT The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at http://www.pulsesecure.net/support/eula. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. 2018 by Pulse Secure, LLC. All rights reserved 2

Revision History Revision Date Description 1.6 March 2018 5.2 R1 1.5 June 2016 5.2.1.17 1.4 April 2016 5.2.1.15 1.3 February 2016 5.2.1.14 1.2 November 2015 5.2.1.9 1.1 October 2015 5.2.1.8 1.0 September 2015 5.2.1.7 2018 by Pulse Secure, LLC. All rights reserved 3

Table of Contents Revision History... 3 Introduction... 5 Overview... 5 Supported Platforms... 5 Supported Features... 6 Limitations... 7 Diagnostics and Status... 7 Configuring Server VPN Policy... 11 Configuring Manual Connections... 13 Modifying VPN Connection... 16 Deleting VPN Connection... 17 Starting and Stopping VPN Connections with Chrome OS... 18 Appendix A... 19 Chromebook Advanced Sync Settings... 19 Appendix B... 21 Managing Certificates on Chromebook... 21 Importing Client Certificates... 21 Importing Public Key Certificate of the Issuer of the PCS Gateway... 23 Appendix C... 24 Google Management Console... 24 Managing Connection Policy... 26 Index... 30 2018 by Pulse Secure, LLC. All rights reserved 4

Introduction Overview Pulse Secure client for Chrome OS provides secure connectivity between a device running Chrome OS and Pulse Connect Secure. Pulse Secure client for Chrome OS is available from the Chrome Web Store. After installing the Pulse Secure client app on a Chrome OS device, the user can configure a connection and establish Layer 3 VPN (SSL) communications. Configuration on the Pulse Connect Secure gateway to support Pulse Secure clients for Chrome OS is the same as that of Pulse for Windows and Mac OSX. Use the sign-in policies, authentication realms, roles and VPN tunnel policies to define authentication and access permissions. A typical Pulse server configuration for Chrome OS access is to create a realm, a role and a remediation role that are designed for Chrome OS users. Figure 1: Pulse Secure Client for Chrome Web Store App Page Supported Platforms Pulse Secure client for Chrome OS is supported on devices running version 43.0.2357.19 or later of Chrome OS. 2018 by Pulse Secure, LLC. All rights reserved 5

Pulse Secure client for Chrome OS is supported on Pulse Connect Secure version 8.1 and later. Supported Features The following features are supported by the Pulse Secure client for Chrome OS: VPN (SSL) connections to Pulse Connect Secure v8.1 and later Manual end-user connection and disconnection Authentication types: o o o o o o Username and password Username and RSA token code (User PIN and system PIN are supported.) Client certificate and smart card Radius challenge/response Secondary authentication SAML (Security Assertion Markup Language) Authentication server prompts for retry, change password, create PIN, change PIN and next-token code Realm and role selection Pre- and post-authentication sign-in notification messages IPv4 Split tunneling enabled and disabled Note: Pulse for Chrome OS connections always have local subnet access enabled. Split tunneling policies: IPv4 inclusion and exclusion routes (In split-tunneled mode, the Pulse Connect Secure DNS search-order configuration settings do not apply to Pulse for Chrome OS.) Host Checker (OS-Check only) Graceful handling of sleep/wakeup transitions, including session resumption and termination App download from Google s Chrome Web Store Tunnel proxy settings 2018 by Pulse Secure, LLC. All rights reserved 6

Limitations The following features are not available with Pulse Secure client for Chrome OS: Connections to Pulse Policy Secure gateways or gateways from third parties (Only connections to Pulse Connect Secure gateways are supported.) Host Checker (only the Host Checker OS-Check is supported) Machine authentication Location awareness rules Logon and logoff scripts WINS server tunnel parameter UDP-ESP tunnel (only SSL mode is supported) Certificate trust override prompt RSA soft-token integration Session extension Manual suspend/resume tunnel Diagnostics and Status After installing the Pulse app on a Google Chrome device, you can see the Pulse Secure icon by clicking on the launcher icon available in the lower left-hand corner of the Google Chrome desktop screen. 2018 by Pulse Secure, LLC. All rights reserved 7

Figure 2: Chrome OS Apps List Pulse Secure icon When you click on the Pulse Secure icon, a screen appears that has Status, Pulse Log and About tabs, and Refresh and Clear Credentials buttons. 2018 by Pulse Secure, LLC. All rights reserved 8

Figure 3: Diagnostics and Status screen Pulse Log tab A brief description about these items is given in the table below. Table 1: Diagnostics and Status Item Status tab Description Provides the version of the Pulse client and information about the number of connections attempted (including failures) and packets transmitted. The status is used to verify if connections are being created correctly and if data is being transmitted through the secured tunnel. Pulse Log tab About tab Displays detailed diagnostics logs and debug information. If you need help diagnosing a connectivity issue, you may be asked to provide these logs to an authorized support representative. Displays the Pulse app version, copyright and trademark information. Refresh button Clear Credentials button Updates the Status and Pulse Log tabs. Clears any connection s automatically saved credentials such as the user password or client certificate selection. To clear any other information, use the Edit Connections dialog. Note: The Status and Pulse Log tabs are static, which means that they will display only the state of the Pulse app at the time the Pulse app was started. The screen will not 2018 by Pulse Secure, LLC. All rights reserved 9

dynamically update as additional data is transmitted. To update Status or Pulse Log, click the Refresh button. 2018 by Pulse Secure, LLC. All rights reserved 10

Configuring Server VPN Policy The Pulse Secure client enables you to secure your company resources using authentication realms, user roles and resource policies. For complete information on the Pulse Connect Secure gateway, see the Pulse Connect Secure documentation. The Pulse Connect Secure gateway checks the authentication policy defined for the authentication realm. The user must meet the security requirements that are defined for a realm's authentication policy. At the realm level, you can specify security requirements based on various elements, such as the user's source IP address or the possession of a client-side certificate. If the user meets the requirements specified by the realm's authentication policy, the gateway forwards the user's credentials to the appropriate authentication server. If this server successfully authenticates the user, then the gateway evaluates the role-mapping rules defined for the realm to determine which roles to assign to the user. The following is a generalized example of configuring a Pulse Connect Secure gateway for the Pulse for Chrome OS app. Click Users > User Roles and then either select an existing role (preferred) or create a new role. If creating a new role, specify a name and optional description for the role, for example: Chrome OS Role, Chrome OS VPN Role. To use certificate authentication at the role level, click Restrictions > Certificate on the role s General tab, and add the required certificate information. To sign in, enable certificate authentication by clicking Only allow users with a client-side certificate signed by Certification Authority. Note: One typical method of installing the client certificate on a Chrome OS device is to send the certificate as an attachment to the Chrome OS user. The certificate must be installed on the Chrome OS device before the user can connect. The user is prompted to select the certificate during the initial Pulse Secure client connection process. There are other mechanisms for transferring the certificate to the client, including MDM systems and Google Drive. Define the trusted client certificate authorities. For complete information on certificate authentication, see Understanding Digital Certificate Security. Note: Due to limitations, you must specify the set of client certificate issuer certificate authorities. The Chromebook does not support the specification of root or intermediate certificate authorities in certificate authority hierarchies greater than 2. Set the options on the role s Web and Files tabs as required. Click Users > User Realms and then create a new realm or select an existing realm. Configure and 2018 by Pulse Secure, LLC. All rights reserved 11

save your options on the General and Authentication Policy tabs. On the Role Mapping tab, click New Rule to create a new role-mapping rule. One option for a role-mapping rule is to create a custom expression that uses the user agent string to identify a Chrome OS device. The Pulse Secure client for Chrome OS user agent string has a form like this: Pulse-Secure/8.1.0.0 (ChromeOS; ARM) PulseVpn/5.2.1.0 You can use all or part of the string in a custom expression that uses the useragent variable. For example: useragent = '*ChromeOS*' Select the role that you created earlier for the Chrome OS users, add it to the Selected Roles list, and then click Save Changes. 2018 by Pulse Secure, LLC. All rights reserved 12

Configuring Manual Connections Pulse Secure client for Chrome OS is available from the Chrome Web Store. After the user installs the app, the user can create Pulse Secure client connections. Figure 4 shows the Pulse Secure client after it has been installed on a Chrome OS device. Figure 4: Chrome OS Apps List The Pulse Secure icon in the apps list is used primarily to view connection, versioning and diagnostic information. To configure a VPN connection or to initiate a manual VPN connection, click on the system tray in the lower-right-hand corner of the main Chrome OS screen, then select the VPN option in the popup-menu. Pulse Connect Secure connections will appear in the resulting VPN dialog. Note: If you use client certificate authentication, the client certificate must be installed on the Chrome OS device before the Pulse Secure client can connect. To create a Pulse Secure client connection on a Chrome OS device: 2018 by Pulse Secure, LLC. All rights reserved 13

Go to the system tray, open the popup menu and select the VPN disconnected option. Figure 5: VPN disconnected Option Tap the Pulse Secure option. Figure 6: Pulse Secure Option To create a new connection, tap the Pulse Secure option. The Add Connection screen appears. 2018 by Pulse Secure, LLC. All rights reserved 14

Figure 7: Add Connection screen In the URL field, specify the URL for the Pulse Connect Secure gateway. You can identify the server using the server IP address, the hostname, or a URL that optionally specifies the port the connection uses and the specific sign-in page. To specify an URL, use the following format: https://hostname[:port][/][sign-in page] The brackets indicate options. If you specify a specific sign-in page, make sure that the name you specify matches what is defined on the Pulse Connect Secure gateway. (Authentication > Signing in > Sign-in pages.) Specify the optional parameters. If you specify a username, future connection prompts will be seeded with this user name. After the user saves the new connection, it appears in the VPN list. The user can tap the connection to initiate a VPN connection. The VPN connection state is indicated in the VPN popup menu. Note: The connection Save identity and password option controls whether credentials will be automatically saved or not. Saved credentials are not stored persistently and will be removed on logout, uninstallation and restarting the computer. 2018 by Pulse Secure, LLC. All rights reserved 15

Modifying VPN Connection To modify a Pulse Secure client connection on a Chrome OS device: Open the Chrome Settings page. Under Private network settings, select the connection you want to modify. Click Configure. The Pulse Secure client connection configuration screen is displayed. Figure 8: Modify Connection screen Click Configure to launch the Pulse Secure Edit Connection dialog. 2018 by Pulse Secure, LLC. All rights reserved 16

Deleting VPN Connection To delete a Pulse Secure client connection on a Chrome OS device: Open the Chrome Settings page. Under Private network settings, select the Preferred networks. Figure 9: Delete Connection screen Select the delete symbol x corresponding to the connection you want to remove. Click Done. 2018 by Pulse Secure, LLC. All rights reserved 17

Starting and Stopping VPN Connections with Chrome OS To start Pulse Secure client connection, in the Chrome OS System menu, click the Pulse Secure connection that you want to start. Figure 10: Start Pulse Secure Client Connection To stop Pulse Secure client connection, in the Chrome OS System menu, select the Pulse Secure connection that you want to stop and click Disconnect. Figure 11: Stop Pulse Secure Client Connection 2018 by Pulse Secure, LLC. All rights reserved 18

Appendix A Chromebook Advanced Sync Settings The Advanced Sync Settings option provides the access to apps, extensions, bookmarks and other information across Chromebooks. You can sync: Apps and extensions from the Chrome Web Store (except extensions containing plug-ins) Chrome browser settings Custom wallpapers Language preferences Prediction of network actions To set up sync: On the Settings page, in the Users section, click Advanced sync settings. The Advanced sync settings window is displayed. Figure 12: Advanced sync settings window From the drop-down list, select Sync everything and click OK. 2018 by Pulse Secure, LLC. All rights reserved 19

The Pulse Secure client extension would be synced to all Chromebook devices with the default settings. You will be able to access apps, extensions, bookmarks and other information across Chromebooks. 2018 by Pulse Secure, LLC. All rights reserved 20

Appendix B Managing Certificates on Chromebook If you are not using certificates from one of the existing public certificate authorities, you must import the public key certificate of the issuer of the Pulse Connect Secure (PCS) gateway. This will allow the Chromebook to trust the PCS. If you are using client certificate authentication, you must import the client certificates into the Chromebook certificate store. Importing Client Certificates To import the client certificates: Go to the chrome tab chrome://certificate-manager. In the Your Certificates tab, import user certificates. Figure 13: Certificate Manager Your Certificates tab 2018 by Pulse Secure, LLC. All rights reserved 21

Note: For managed accounts: Only the certificates, imported by the chrome.enterprise.platformkeys API will qualify for corporate usage. If the certificate is generated or imported by other means, such as manually then it is not available for the API. For more information please refer: https://support.google.com/chrome/a/answer/6080885?hl=en&ref_topic=6330253 2018 by Pulse Secure, LLC. All rights reserved 22

Importing Public Key Certificate of the Issuer of the PCS Gateway To import the public key certificate: Go to the chrome tab chrome://certificate-manager. In the Authorities tab, import the public key certificate of the issuer of the PCS gateway. Figure 14: Certificate Manager Authorities tab To test your certificates: Open the Chrome browser. Enter your PCS URL and see if you get an HTTPS certificate error. 2018 by Pulse Secure, LLC. All rights reserved 23

Appendix C Google Management Console To manage the Pulse Secure VPN with the Google Management Console, do the following steps: Add the Pulse Secure app to either the Force-installed or Allowed Apps and Extensions from the Chrome->User Settings. Add the Pulse Secure VPN from the Device management->network->vpn. Choose the appropriate organizational unit. 2018 by Pulse Secure, LLC. All rights reserved 24

Hover over the Pulse Secure VPN item and depress the EDIT button. Configure the policies and settings for the Pulse Secure VPN app. 2018 by Pulse Secure, LLC. All rights reserved 25

Select the Allow access to client certificates and keys if you are using client certificates. Managing Connection Policy From within Google Management Console you can manage the Pulse Secure application and import a connection policy. 2018 by Pulse Secure, LLC. All rights reserved 26

The Pulse Secure connection policy implements these policy options. Policy Description AllowLocal AllowAutoSave If set to true, then enable add, edit and delete of local connections. Default: true If set to true, then enable the auto-save option on local connections. If set to false, this option disables auto-save for all connections. Default: true Connections Attribute Description name Connection Name. url Server URL. check If set to true, then identity and password credential information will be automatically saved and used transparently in subsequent authentication attempts. Default: true username If primary username is set, then primary username prompts will default to this value. The following substitution symbols are supported: Variable Description ${LOGIN_ID} The current user's username, 2018 by Pulse Secure, LLC. All rights reserved 27

Policy Description such as mscarlet. The current user's full email ${LOGIN_EMAIL} address, such as mscarlet@your_domain.com. username2 realm role If secondary username is set, then secondary username prompts will default to this value. The following substitution symbols are supported: Variable Description The current user's username, ${LOGIN_ID} such as mscarlet. The current user's full email ${LOGIN_EMAIL} address, such as mscarlet@your_domain.com. If realm is set, then this realm preference will be automatically selected during authentication. If role is set, then this preferred role will be automatically selected during authentication. A configuration conforming to the specification above can be placed in a configuration file in JSON format and uploaded in the Google Management Console. Below is a sample Pulse Secure connection policy in JSON format showing a locked-down policy useful for a kiosk application. { } "AllowLocal": { "Value": false }, "AllowAutoSave": { "Value": false }, "Connections": { "Value": [ {"name": "test", "url": "10.17.1.222", "check": true, "username": "${LOGIN_ID}", "username2": "${LOGIN_EMAIL}"}, {"name": "vpn", "url": "vpn.psecure.net", "realm": "Users", "role": "Users"} ] } Note: The policy is case sensitive. 2018 by Pulse Secure, LLC. All rights reserved 28

The policy attributes and Connections array must not have a trailing, after the last element. Not all Connections attributes have to be specified; only name and url are required. AllowLocal and AllowAutoSave are optional The Google Management Console doesn t validate configuration and fails silently on malformed policies. Once you make your configuration file, use the UPLOAD CONFIGURATION FILE button in the Google Management Console to upload the configuration. To see the downloaded policy on a managed Chromebook device, navigate the browser to chrome://policy page. For information on managing chrome devices, see: https://support.google.com/chrome/a/answer/1289314?hl=en For instructions for enrolling chrome devices, see: https://support.google.com/chrome/a/answer/1360534?hl=en 2018 by Pulse Secure, LLC. All rights reserved 29

Index A apps and extensions 18 authentication realms 4 authentication types 5 C certificate authentication 10 certificate manager 19, 20 Chrome Web Store 4, 5, 12 client certificate authentication 19 client certificate authorities 10 custom wallpapers 18 D delete VPN connection 16 diagnostics 7 DNS 5 H host checker 5 I IPv4 5 L Layer 3 VPN(SSL) communication 4 local awareness 6 logs 7 M machine authentication 5 modify VPN connection 15 P Pulse Secure icon 12 R Radius challenge/response 5 RSA soft token 6 RSA token code 5 S secondary authentication 5 session extension 6 sign-in notification messages 5 sleep/wakeup transitions 5 smart card 5 split tunneling 5 start VPN connection 17 status 7 stop VPN connection 17 supported features 5 supported platforms 4 sync settings 18 U UDP-ESP tunnel 6 user agent string 11 2018 by Pulse Secure, LLC. All rights reserved 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback