Installation

Note: As of July 22, 2022, the branding for the campus VPN client has changed from Pulse Secure (9.1rx) to Ivanti Secure Access (22.2Rx). All other aspects of the client are the same. Any reference to Pulse Secure should be interpreted as Ivanti Secure Access.

You will need Administrator level access on your Windows account in order to install this software. 

Step 1: Download the Ivanti Secure Access VPN client package for Windows (UCSB Box credentials are required to access the file). Most users will require the x64 (64-bit) version - only use the x32 (32-bit) version if directed to do so by your IT administrator. 

Step 2: Double-click the installer package to open it. 

Windows 7: If you ran the installer as Administrator, you will see a User Account Control prompt asking "Do you want to allow the following program to make changes to this computer?" As long as the window matches the one below, and lists the Verified publisher as: University of California, Santa Barbara, you may click Yes to continue.

vpn windows screenshot

Windows 10: You may receive a Windows Smart Screen warning message "Windows protected your PC." In this window, click "More info" to view the publisher certificate. As long as the window has similar data as the screenshot below, listing the Verified publisher with the following data: US, 93106, CA, Santa Barbara, 5221 Cheadle Hall, "University of California, Santa Barbara", you may click "Run anyway" to continue.
vpn windows screenshot

Step 3: Click Next

Step 4: Click Install

 

Step 5: Confirm the User Account Control prompt (enter the username/password of an administrator) to install the software. This is safe as long as the Verified publisher listed in the window is: Pulse Secure, LLC

 

Step 6: Click 'Finish' once setup is complete.

Step 7: If prompted, install 'Microsoft Edge WebView2 Runtime' by clicking 'Install'.

Usage

IMPORTANT: you must first have at least one device already enrolled with UCSB's MFA service (Duo Security) in order to connect to VPN.

 

Step 1: Open the Ivanti Secure Access application from the Start menu.

In the Ivanti Secure Access client window, click the Connect button inside the "UCSB Remote Access Trusted" connection profile to initiate a connection to the VPN. 

vpn remote access trusted profile windows

 

The first thing you see will be a prompt explaining how to use Duo multi-factor authentication with the VPN client.

Step 2: Once you have read the instructions carefully, click the "Proceed" button to begin the authentication process.

Step 3: A window will open prompting you to enter your UCSB NetID and password.  Provide them and click "Connect".

Step 4: Once your UCSB NetID credentials have been authenticated, you will be prompted to enter which factor you want to use for multi-factor authentication (MFA).

Please type 'push' (no quotes) in the designated field to get a push notification via the Duo mobile application, or enter a current SMS, Duo, or hard token numerical passcode. Alternatively, you can type 'sms' (no quotes) to receive a new set of codes via SMS message on your phone (login will fail - you will need to authenticate to the VPN again to use the newly received SMS passcodes, which are good for one hour). You have a short period of time after entering this information to approve the Duo Push notification or to enter your passcode.   Click "Connect."

You can find more about the distinctions in Duo device setup here: https://www.it.ucsb.edu/getting-started-mfa-duo/which-devices-should-i-enroll-mfa-duo.

 

Once you have provided a valid 2nd factor, your client will connect and the button should change to read "Disconnect." Clicking the arrow on the left will expand the status area - this will show the words "Status: Connected."

If you receive an error like the one below, about the server certificate being invalid, close the Ivanti Secure Access VPN client. Open up Internet Explorer browser and navigate to https://ps.vpn.ucsb.edu/install

vpn windows screenshot

You should see a "green padlock" in the URL bar to show the certificate trusted. If you do not see the green padlock icon, download the Root CA and Intermediate CA from the linked page and install in Windows Certificate Store. Then try Step 3 again.

Step 5: Verify your VPN connection by using a web browser to visit https://next.noc.ucsb.edu/ip. The web page will display the network address your computer is using. If the VPN is in use, it should say “On-campus address (VPN).”

Step 6: To disconnect from the campus VPN service, click the "Disconnect" button.