Allow VU to facilitate SAML single sign-on access to the Trend Vision One platform.

Procedure

  1. Download the service provider metadata file from the Trend Vision One console.
    • For legacy accounts, go to Administration > Single Sign-On and click Download.
    • For accounts with the Foundation Services release, go to Administration > Identity Providers and click Download the metadata XML.
  2. Add Trend Vision One as an Authentication Management app in the VU console.
    1. Go to Authentication Management in the VU console and select Configuration > Single Sign-On.
    2. Click Add.
      The Edit window appears.
    3. Configure the following application settings:
      • Token Endpoint Auth Method: Select client_secret_post.
      • Response Type "Code": Enable this setting for both SAML and OIDC integration.
      • Response Type "Id Token": Enable this setting for both SAML and OIDC integration.
      • SAML2 Enabled: Enable this setting for SAML integration.
      • User authentication flow: Select from the following authentication types:
        • Single-factor authentication
        • Multi-factor authentication
      • Session time: Use the default value of 86,400 seconds.
      • SAML2 Metadata File: Upload the service provider metadata file downloaded from the Trend Vision One console.
      • Default domain: Use the default value provided by VU.
        Note: The value defaults to the associated email address. If no email address exists, the value defaults to the username and the default email domain.
      • Application URL: Enter the initial URL of Trend Vision One, using the following format: http://[domain]/
      • Redirect URL: Use the default URL generated by VU.
      • Post Logout Redirect Url: Enter the URL that users are redirected to after signing out of Trend Vision One, using the following format: http://[domain]/
      • App logo: Upload a logo to display in the Application list on the Authentication Management screen.
      • Application name: Enter a name to display in the Application list on the Authentication Management screen.
      • Application: Enter an internal name to identify the app.
        Note: This field only supports letters, numbers, hyphens, and underscores. Do not use spaces or other special characters.
    4. Click Save.
  3. Download the identity provider metadata file from Authentication Management in the VU console.
  4. In the Trend Vision One console, add VU as an identity provider.
    • For legacy accounts, go to Administration > Single Sign-On.
      Click Upload the IdP metadata XML file.
    • For accounts with the Foundation Services release, go to Administration > Identity Providers.
      Click Add Identity Provider.
      Specify a name and description.
      Upload the identity provider metadata file obtained from VU.
      Click Save.
  5. (Optional) Go to Administration > User Accounts and add SAML user accounts.
    Sign-in attempts from SAML users begin redirecting to VU, where users can enter the account username, password, and a VU Mobile Token to access Trend Vision One.