Allow multiple users in an assigned group to sign in to the Trend Vision One console using your corporate identity provider (IdP) solution.

IdP-Only SAML Group Account users support IdP-initiated single sign-on only, and users must sign in via their IdP to access Trend Vision One.

Once Trend Vision One and the IdP have exchanged SAML metadata documents and established a trust relationship, Trend Vision One can accept assertions coming from the IdP and use them to authenticate a user into Trend Vision One. In addition to the metadata document, Trend Vision One requires instructions for interpreting the data in the assertion in order to know how to authenticate users. This is done using mappings and claims.
  • Mappings are used to associate attributes in Trend Vision One with the user attributes in your IdP.
  • Claims are pieces of information about the user provided by the IdP in an assertion.
Important
  • Adding IdP-Only SAML Group Account users does not require group information synchronization with your IdP, and users do not need to verify their email addresses. Therefore, notifications via email in Trend Vision One are not supported for users of this account type for security reasons.
  • If an IdP-Only SAML Group Account user is also added to a SAML Account or SAML Group Account, Trend Vision One authenticates the user with their email address and signs them in as a SAML Account or SAML Group Account user with the associated administrator role.

Procedure

  1. Go to Administration > User Accounts.
  2. Click Add User Account.
  3. Select IdP-Only SAML Group.
  4. Enter a name for the IdP-Only SAML Group Account.
  5. Select a Role.
    To create a custom user role, click Create a custom role in User Roles. For more information, see User Roles.
    Note
    Creating a custom role leaves the current screen and discards all changes made on the screen.
  6. Select the IdP whose groups you want to allow to access the Trend Vision One console.
    The drop-down list shows all the IdPs that have been added in Identity Providers, but only the IdPs that are configured to support IdP-Only SAML Group Account are available.
  7. Specify the name of the group whose users are allowed to access Trend Vision One. The name maps to the value of the attribute in the SAML assertion that you specified for the Group attribute when configuring your IdP in Identity Providers.
    For each IdP-Only SAML Group Account, a maximum of 10 groups per IdP can be added.
  8. Repeat steps 6 and 7 to add more groups in another IdP.
  9. Click Add.
  10. (Optional) When editing an account, enable or disable the account by clicking the Status toggle.
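
The group-name mapping from step 7 can be checked against a sample assertion exported from your IdP before users try to sign in. The following is an added example, not Trend Micro code: the attribute name `groups`, the group names and the sample assertion are constructed, and exact string comparison of group names is an assumption rather than documented behaviour.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_GROUPS_PER_IDP = 10  # limit stated in step 7

# Constructed sample assertion fragment. Inspection only: this script does not
# verify signatures and must not be used to make authentication decisions.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>soc-analysts</saml:AttributeValue>
      <saml:AttributeValue> IR-Team </saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def group_claims(assertion_xml, group_attribute):
    """Return every value of the named group attribute, exactly as sent."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == group_attribute:
            values += [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
    return values

def check_mapping(assertion_xml, group_attribute, configured_groups):
    """Compare the group names entered in step 7 with the assertion's claims."""
    if len(configured_groups) > MAX_GROUPS_PER_IDP:
        raise ValueError(f"more than {MAX_GROUPS_PER_IDP} groups for one IdP")
    claims = group_claims(assertion_xml, group_attribute)
    matched = [g for g in configured_groups if g in claims]
    # Near misses differ only in case or surrounding whitespace. Under the
    # exact-comparison assumption they would not map, so flag them for fixing.
    norm = {c.strip().casefold(): c for c in claims}
    near = {g: norm[g.strip().casefold()] for g in configured_groups
            if g not in claims and g.strip().casefold() in norm}
    return {"attribute_present": bool(claims), "claims": claims,
            "matched": matched, "near_miss": near}

if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, "groups", ["soc-analysts", "ir-team"]))
```

An empty `claims` list means the IdP is not sending the attribute under the name configured for the Group attribute, which is a different problem from a group-name mismatch.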