Trend Micro Email Security allows you to control the way that end users access the End User Console.
On the Logon Methods screen, you can enable or disable the following logon methods:
User Account Logon
If this method is enabled, end users can use the accounts they have registered on the End User Console to log on.
From the Source of managed accounts drop-down list, select the source of accounts to be managed when end users log on to the End User Console.
Aliases synchronized from directories: If you select this option, the logon users will have all the aliases synchronized from LDAP directories as their managed accounts.
Manually added accounts: If you select this option, the logon users will have all the accounts they added manually as their managed accounts.
Once you enable single sign-on (SSO) and complete required settings, end users can use the existing Active Directory corporate credentials for SSO.
Trend Micro Email Security currently supports either of the following for SSO:
Microsoft Active Directory Federation Services (AD FS) 2.0
Azure Active Directory (AD)
Before configuring SSO, finish configuring AD FS 2.0 or Azure AD to complete federation server settings.
A federation server is a computer that runs a specialized Web service that can issue, manage, and validate requests for security tokens and identity management. Security tokens consist of a collection of identity claims, such as a user's name or role. The federation server can be configured only for Intranet access to prevent exposure to the Internet.