Pulse Secure Connect Integration Guide

This guide details the steps required to configure Trusona for your Pulse Secure Connect installation.

1. Overview

Pulse Secure Connect integrates with Trusona using SAML 2.0, providing primary authentication without passwords. The Trusona user’s verified email address will be returned in the SAML Response.

Further authorization is performed by Pulse Secure by making an LDAP query based on the verified email address in the SAML assertion from Trusona.

2. Prerequisites

This document assumes you have Pulse Connect Secure 9.0R1 or later and an LDAP store such as Microsoft Active Directory.

3. Tested Configuration

  • Pulse Secure Connect 9.0R1
  • Windows Server 2016 AD
  • SAML Integration w/ Trusona Gateway

4. SAML Authentication w/ LDAP Authorization

Complete the following steps to configure a User Realm to use Trusona for authentication and an LDAP server for authorization.

4.1. System SAML Configuration

Ensure your global SAML configuration is correct.

  1. Under System -> Configuration -> SAML choose Settings
  2. Validate or populate Host FQDN for SAML with the FQDN of your Pulse Secure Appliance
  3. Save Changes

4.2. Add a SAML Metadata Provider

  1. Under System -> Configuration -> SAML choose New Metadata Provider
  2. Provide a Name, such as Trusona
  3. Select Remote for location
  4. Enter the Download URL provided by Trusona
  5. Check Identity Provider for roles
  6. Save Changes. It may take a few moments for the values to populate from the Metadata Service.

4.3. Add a SAML Auth Server

  1. Under Authentication -> Auth. Servers choose new SAML Server and click new server
  2. Provide a name, such as Trusona
  3. Select 2.0 for SAML Version
  4. Choose Metadata for Configuration Mode
  5. Choose the Identity Provider Entity Id from your Trusona SAML Metadata Provider
  6. Choose POST for SSO Method
  7. Select the Trusona SSO Certificate
  8. Select a valid Device Certificate for Signing
  9. Save Changes
  10. Edit the Authentication Server you just created and click Download Metadata.
  11. Provide the metadata file to Trusona to complete your integration.

5. Add an LDAP Auth Server for Authorization

Trusona requires looking up the user by their mail attribute. This may be incompatible with other uses of the LDAP Auth Server. Therefore, Trusona recommends creating a new LDAP Auth Server specifically for Trusona. General configuration of the LDAP Auth Server Settings is out of scope for this document. Please refer to the Pulse Secure Connect Administration Guide for more information.

To configure the LDAP Auth Server to look up users by their mail attribute, do the following:

  1. Edit the LDAP Auth Server.
  2. Under “Finding user entries”, set “Filter” to mail=
  3. Save Changes

6. Configure a User Realm to use Trusona

  1. Under Users -> User Realms create a new realm or edit an existing one.
  2. Under Servers, set Authentication to the Trusona SAML Auth Server configured above.
  3. Under Servers, set User Directory/Attribute to the LDAP Auth Server configured above.
  4. Save Changes

7. Verify the Configuration

  1. Create a user in your LDAP directory with the mail attribute set.
  2. Install the Trusona app and register a user using the same email address as specified in the mail attribute for the user that was created in LDAP.
  3. Visit the public URL for your Pulse instance.
  4. You should be directed to a Trusona login page with a QR code.
  5. Scan the QR code using the Trusona app.
  6. You should receive a prompt in the Trusona app that allows you to accept or reject the login attempt.
  7. Accept the login attempt.
  8. You should be directed to the Pulse dashboard page.

