Configuring Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud based directory and identity management service.

Make sure you have a valid subscription in Azure AD that handles the sign-in process and eventually provides the authentication credentials of end users to the End User Console.

  1. On the Azure AD management portal, select an active directory that you want to implement SSO.
  2. Click Enterprise applications in the navigation area on the left and click New application.
  3. Click Non-gallery application and specify a display name for your application.
  4. Click Assign a user for testing (required), click Add user, and then select a specific user or group for this application.
  5. Click Configure single sign-on (required) to configure the connection from your application to Azure AD using the SAML protocol.
    1. Select SAML-based Sign-on from the Single Sign-on Mode drop-down list.
    2. Specify the identifier and reply URL.
      Note:

      Specify the identifier for your region as follows:

      https://euc.<domain_name>/uiserver/euc/ssoLogin

      Specify the reply URL for your region as follows:

      https://euc.<domain_name>/uiserver/euc/ssoAssert

      In the preceding URLs, replace <domain_name> with either of the following based on your location:

      • North America, Latin America and Asia Pacific:

        tmes.trendmicro.com

      • Europe, the Middle East and Africa:

        tmes.trendmicro.eu

      • Australia and New Zealand:

        tmes-anz.trendmicro.com

    3. Select View and edit all other user attributes and click Add attribute.
    4. In the Add attribute dialog box, set the name and value for an SAML token attribute and leave Namespace blank. For example, type email as the attribute name and select user.mail as the attribute value.
    5. Under SAML Signing Certificate, click Certificate (Base64) to download a certificate file for Azure AD signature validation on Trend Micro Email Security and record the single sign-on and sign-out service URLs.
    6. Specify an email address for Notification Email.
  6. Click Save.