VPNs
- Juniper® Secure Connect integration with JIMS (SRX1500, SRX1600, SRX2300, SRX4100, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—The SRX Series Firewalls can send Juniper Secure Connect's remote access VPN connection state events to Juniper® Identity Management Service (JIMS) using the push to identity management (PTIM) solution. By default, Junos OS enables this feature when you use identity-management at the [edit services user-identification] hierarchy level. You can use the following options to configure this feature:
  - no-push-to-identity-management at the [edit security ike gateway gateway-name aaa] hierarchy level to disable the iked process communication with JIMS.
  - user-domain at the [edit security remote-access profile realm-name options] hierarchy level to optionally configure the domain alias name.
  See [Juniper Secure Connect Integration with JIMS, identity-management, and profile (Juniper Secure Connect).]
- SAML-based user authentication in Juniper® Secure Connect (SRX1500, SRX1600, SRX2300, SRX4100, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—Juniper Secure Connect remote access VPN supports user authentication using Security Assertion Markup Language (SAML) version 2. To perform the remote user authentication using SAML, run the VPN service using the iked process on your firewall and ensure you have the SAML-supported Juniper Secure Connect application. Configure SAML service provider and identity provider settings at the [edit access saml] hierarchy level. Enable SAML settings in the access profile configuration using the set access profile profile-name authentication-order saml command.
  See [SAML Authentication in Juniper Secure Connect, saml, authentication-order (access-profile), saml (Access Profile), saml-options, show network-access aaa saml assertion-cache, show network-access aaa statistics, request network-access aaa saml load-idp-metadata, request network-access aaa saml export-sp-metadata, clear network-access aaa saml assertion-cache, clear network-access aaa saml idp-metadata, and clear network-access aaa statistics.]
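The two features above (JIMS PTIM and SAML authentication) wired together in one Junos set-format fragment, added here as an illustration rather than taken from the release notes. gateway-name, realm-name, profile-name, the JIMS address and the client credentials are placeholders; the connection primary sub-options under identity-management come from the general SRX-to-JIMS integration, not from this page, and the leaf options under [edit access saml] are left out because the notes do not list them.

```junos
# JIMS push-to-identity-management (PTIM). Configuring identity-management
# under services user-identification is what enables the push by default;
# address, client-id and client-secret are placeholder values.
set services user-identification identity-management connection primary address 192.0.2.10
set services user-identification identity-management connection primary client-id srx-ptim
set services user-identification identity-management connection primary client-secret "PLACEHOLDER"

# Optional domain alias that is reported for this remote-access realm
# (realm-name is a placeholder).
set security remote-access profile realm-name options user-domain corp.example

# Per-gateway opt-out: keep iked from pushing this gateway's Secure Connect
# session state to JIMS while the other gateways still report
# (gateway-name is a placeholder).
set security ike gateway gateway-name aaa no-push-to-identity-management

# SAML v2 user authentication: SP and IdP settings belong under [edit access saml]
# (leaf names not shown here); the access profile then selects saml as the
# authentication method (profile-name is a placeholder).
set access profile profile-name authentication-order saml

# Operational checks named in the notes, run after commit:
#   request network-access aaa saml load-idp-metadata   (import IdP metadata)
#   request network-access aaa saml export-sp-metadata  (hand SP metadata to the IdP)
#   show network-access aaa saml assertion-cache        (cached assertions)
#   show network-access aaa statistics                  (authentication counters)
```

Remember that with identity-management configured, every Secure Connect gateway pushes session state to JIMS unless it carries no-push-to-identity-management, so audit the aaa stanza of each gateway rather than assuming the global default.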