VPN: Accessing the VPN with CAS Authentication

Tags VPN CAS

Overview

When you log in to the VPN via a web browser or the Pulse Secure app, you will be presented with the same CAS authentication screen used by most UTK applications, including MyIRIS and MyUTK. You will need to approve the Duo login to access the VPN. 

VPN Client Behavior

Default Windows client and Windows Store Client

  • These clients do not support two-factor authentication.  
  • Install the Pulse Secure client from the OIT Software distribution site to continue to use the VPN after the upgrade.

Pulse Secure 

  • Make sure you install the latest version of the Pulse Secure client from the OIT Software distribution site.
  • 2FA 7-day Remember Me Option: 
    • The Windows Pulse Secure client will cache credentials and honor the 7-day Remember Me option.  
    • The Mac Pulse Secure client does not cache credentials or honor the 7-day Remember Me option. You must enter your NetID and Password and two-factor each time you log in. 
  • Pulse Secure supports Duo Push and Passcodes but does not work with Yubikeys.  
  • Logins are good for 24 hours before you must re-authenticate to the VPN.  

Automated Workflows  

Automated workflows are not compatible with the Central Authentication Service (CAS).

If you are currently using automated workflows, please let us know how you are using them, and which account is performing the authentication request. Submit the information online at help.utk.edu.   

For Linux  

You have multiple options for connecting to the VPN:  

  1. Pulse Secure client. The Pulse Secure client is available as a .deb and .rpm. OIT recommends the newest version of the client, 9.1R5, available from the OIT Software distribution site.  
  2. OpenConnect. OpenConnect is available via most OS package managers; however, a wrapper must be installed to extract the cookie after login. Download the wrapper from GitHub; the instructions are available in the README.