Configuring Single Sign-On

  1. Go to Administration > End User Management > Logon Methods.

    The Logon Methods screen appears.

    Note:

    If you want to allow end users to log on with their own accounts to the End User console, click the toggle button to enable User Account Logon.

  2. In the Single Sign-On section, configure the general settings for single sign-on (SSO).
    1. Click the toggle button to enable SSO.
    2. Specify a unique identifier.

      The End User Console URL is generated.

  3. Configure federation server settings for SSO.
    1. Specify the logon and logoff URLs for your federation server.
      Note:

      Use the logon URLs collected from AD FS or Azure AD configurations.

  4. Configure attribute mapping settings for SSO.
    1. Specify claim types based on the outgoing claim types you configured for AD FS or Azure AD.
    2. Select Certificate file to enable signature check.
    3. Next to Certificate file, click Choose File to locate the certificate file you downloaded from AD FS or Azure AD configurations.
  5. Click Save.
    Note:

    To allow end users to directly access the End User Console from the AD FS Sign-In Pages, change the relying party SAML 2.0 SSO service URL you specified on the AD FS management console into the following:

    https://euc.<domain_name>/uiserver/euc/ssoAssert?cmpID=<Unique_Identifier>

    In the preceding URL, replace <Unique_Identifier> with the actual unique identifier you set in Step 2 and <domain_name> with either of the following based on your location:

    • North America, Latin America and Asia Pacific:

      tmes.trendmicro.com

    • Europe, the Middle East and Africa:

      tmes.trendmicro.eu

    • Australia and New Zealand:

      tmes-anz.trendmicro.com