Configure Microsoft Entra ID as a SAML 2.0 identity provider for Trend Vision One to use.

Microsoft Entra ID is a multi-tenant, cloud-based directory and identity management service. To use Microsoft Entra ID, you must have a valid subscription with a Microsoft Entra ID edition license (Free, Basic, or Premium). Microsoft Entra ID handles the sign-in process and then provides the authentication credentials to the Trend Vision One management console.
Procedure
- Sign in to the Azure management portal at https://portal.azure.com using your Microsoft Entra ID administrator account.
- On the Microsoft Azure main page, click Microsoft Entra ID. On first use, click More services and find Microsoft Entra ID.
- In the left navigation, click Enterprise applications. The Enterprise applications | All Applications screen appears.
- Click New application. The Browse Microsoft Entra Gallery screen appears.
- Click Create your own application.
- Type a display name for the application. For example, type XDR.
- Select Integrate any other application you don't find in the gallery.
- Click Create.
- (Optional) Assign users and roles:
  Important
  If you intend to use the private access service and internet access service in the Zero Trust Secure Access app, Trend Micro recommends that you skip step 9. Instead, go to Properties in the left navigation, disable the User assignment required? toggle, and then proceed to step 10. If you require user assignment, assign each user individually to use the private access service and internet access service.
  - Under the Getting Started section, click Assign users and groups. The Users and groups screen appears.
  - Click Add user. The Add Assignment screen appears.
  - Click Users. A new frame for Users appears on the right side of the screen.
  - Click the users you want to assign, and then click Select. The number of selected users appears under Users and the Assign button is enabled.
  - Click Assign. The Users and groups screen appears.
  - In the left navigation, click Overview. The Overview screen appears.
- Under the Getting Started section, click Set up single sign on. The Single sign-on screen appears.
- Click SAML. The SAML-based Sign-on screen appears.
- Click Upload metadata file. The Upload metadata file window appears.
- Click Select a file. A browse file window appears.
- Browse to and open the metadata.xml file that you downloaded in a previous step. The browse file window closes.
- In the Attributes & Claims section, ensure that the Unique User Identifier is set to user.userprincipalname.
- Click Save. The settings are saved.
- After the settings have been saved, click the close icon in the Basic SAML Configuration window. The Basic SAML Configuration window closes and the SAML-based Sign-on window appears.
- To support IdP-Only SAML Group Account, configure attributes and claims:
  - Click Edit to open the Attributes & Claims screen.
  - Leave the Name ID required claim set to the default.
  - Click Add a group claim to add the groups whose members you want to access Trend Vision One.
  - Select the option that best reflects the group you previously assigned to your application. For more information, see the Microsoft Entra ID documentation.
  - Leave the source attribute set to Group ID, and click Save.
  - In the Attributes & Claims screen, click Add new claim, enter name as the claim name, select user.userprincipalname as the source attribute, and then click Save.
  - Click Add new claim, enter displayname as the claim name, select user.displayname as the source attribute, and then click Save.
  - Take note of the claim names for group, name, and user display name, for example, http://schemas.microsoft.com/ws/2008/06/identity/claims/groups, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, and http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname.
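Before importing the metadata, it is worth confirming that an assertion issued by the application actually carries the NameID and the three claim names noted above, because a missing or misnamed claim is the usual reason group-based sign-in to Trend Vision One fails. The following script is an added example, not code from Trend Micro or Microsoft: it parses a SAML assertion (the embedded one is constructed, with placeholder tenant ID, group object IDs and user values) and reports which of the required claims are absent. Signature verification of the assertion is deliberately out of scope here and must be done separately.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names recorded in the procedure above (group, name, user display name).
REQUIRED_CLAIMS = {
    "groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "displayname": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname",
}

# Constructed sample assertion, not a real capture: the tenant ID, assertion ID,
# group object IDs and user values are placeholders. A real Entra assertion is
# signed; validating that signature is a separate step not shown here.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_placeholder-assertion-id" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jdoe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>66666666-7777-8888-9999-aaaaaaaaaaaa</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_claims(assertion_xml: str) -> dict:
    """Return the NameID and a mapping of claim name -> list of values."""
    root = ET.fromstring(assertion_xml)
    # Accept either a bare Assertion or a full samlp:Response wrapping one.
    if root.tag != "{%s}Assertion" % NS["saml"]:
        root = root.find(".//saml:Assertion", NS)
        if root is None:
            raise ValueError("no saml:Assertion element found")
    name_id = (root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS) or "").strip()
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attributes[attr.get("Name", "")] = values
    return {"name_id": name_id, "attributes": attributes}


def check_required_claims(assertion_xml: str) -> dict:
    """Report whether the assertion carries everything the Trend Vision One setup needs."""
    claims = extract_claims(assertion_xml)
    problems = []
    if not claims["name_id"]:
        problems.append("NameID is empty: map Unique User Identifier to user.userprincipalname")
    for label, claim_name in REQUIRED_CLAIMS.items():
        if not claims["attributes"].get(claim_name):
            problems.append("%s claim missing or empty (%s)" % (label, claim_name))
    # With the source attribute left at Group ID, Entra sends group object IDs (GUIDs),
    # not group display names, so that is what any group account mapping must use.
    group_ids = claims["attributes"].get(REQUIRED_CLAIMS["groups"], [])
    return {
        "ok": not problems,
        "problems": problems,
        "name_id": claims["name_id"],
        "group_ids": group_ids,
    }


if __name__ == "__main__":
    result = check_required_claims(SAMPLE_ASSERTION)
    print("OK" if result["ok"] else "PROBLEMS", result)
```

Run it against a decoded SAMLResponse from a test sign-in (for example, the assertion captured by a browser SAML tracer) by passing that XML to check_required_claims in place of SAMPLE_ASSERTION; the function also accepts a full samlp:Response element.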
- If prompted to test single sign-on now, click No, I'll test later.
- Under the SAML Signing Certificate section, click Download for Federation Metadata XML, and then save the file.
Note
Import this metadata file to Trend Vision One.
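A quick sanity check of the downloaded Federation Metadata XML before importing it catches the common mistakes (wrong tenant, SP metadata instead of IdP metadata, missing signing certificate). The script below is an added example, not Trend Micro or Microsoft code: it parses the metadata, confirms that the entityID references your tenant, lists the single sign-on endpoints, and computes fingerprints of the signing certificate so you can compare them against the certificate shown under SAML Signing Certificate in the portal. The embedded metadata is a constructed sample with a placeholder tenant ID and placeholder certificate bytes rather than a real X.509 certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like Entra federation metadata. The tenant ID is a
# placeholder and the certificate body is placeholder bytes, NOT a real X.509
# certificate; a real download also carries a ds:Signature over the document.
PLACEHOLDER_TENANT = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_CERT_DER = b"placeholder-cert-der-bytes"
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{tenant}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{cert}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{redirect}" Location="https://login.microsoftonline.com/{tenant}/saml2"/>
    <SingleSignOnService Binding="{post}" Location="https://login.microsoftonline.com/{tenant}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".format(
    tenant=PLACEHOLDER_TENANT,
    cert=base64.b64encode(PLACEHOLDER_CERT_DER).decode(),
    redirect=HTTP_REDIRECT,
    post=HTTP_POST,
)


def cert_fingerprints(b64_cert: str) -> dict:
    """Fingerprints over the DER bytes; Microsoft portals show the SHA-1 form as Thumbprint."""
    der = base64.b64decode("".join(b64_cert.split()))
    return {"sha1": hashlib.sha1(der).hexdigest(), "sha256": hashlib.sha256(der).hexdigest()}


def inspect_metadata(metadata_xml: str, expected_tenant_id: str) -> dict:
    """Check IdP metadata for the properties the import into Trend Vision One relies on."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID", "")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute is valid for signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            if cert.text:
                signing_certs.append(cert_fingerprints(cert.text))
    sso = {s.get("Binding"): s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)}
    problems = []
    if expected_tenant_id not in entity_id:
        problems.append("entityID %r does not reference tenant %s" % (entity_id, expected_tenant_id))
    if not signing_certs:
        problems.append("no signing certificate: assertions from this IdP could not be verified")
    if not (sso.get(HTTP_REDIRECT) or sso.get(HTTP_POST)):
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    for binding, url in sso.items():
        if not url.startswith("https://"):
            problems.append("SSO endpoint for %s is not HTTPS: %s" % (binding, url))
    return {"ok": not problems, "problems": problems, "entity_id": entity_id,
            "sso": sso, "signing_certs": signing_certs}


if __name__ == "__main__":
    report = inspect_metadata(SAMPLE_METADATA, PLACEHOLDER_TENANT)
    print("OK" if report["ok"] else "PROBLEMS", report)
```

To use it on the real file, read the downloaded XML into a string and call inspect_metadata with your own tenant ID. Because Trend Vision One trusts the signing certificate embedded in this file, the file must be re-downloaded and re-imported whenever the certificate under SAML Signing Certificate is rotated.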