Configuring Active Directory Authentication

Apex One as a Service supports SAML 2.0 single sign-on (SSO) using your corporate account credentials. After configuring SAML SSO settings, users can use their Active Directory account credentials to sign on to the Apex Central console.

For more information on configuring your specific identity provider (IdP), see https://success.trendmicro.com/solution/000241147.

Important:

The following procedure assumes you have already synchronized Apex One as a Service with your Active Directory structure.

For more information, see Configuring Active Directory Synchronization.

Note:
  • To perform AD FS authentication using Microsoft Edge, you must first import a valid certificate for the AD FS website from the Active Directory server to the Trusted Root Certification Authorities folder on your endpoint.

  • By default, Apex Central validates the SAML assertion signature. Ensure that SAML response signatures are enabled on the identity provider (IdP).

  1. On the Apex Central console:
    1. Go to Administration > Settings > Active Directory and Compliance Settings.

      The Active Directory Settings tab on the Active Directory and Compliance Settings screen appears.

    2. Ensure that the Enable Active Directory synchronization check box is selected.
    3. Select Enable Active Directory authentication.
    4. In the Service provider settings section, click Download the Apex Central service provider metadata XML file.

      The Apex Central service provider metadata XML file (Apex_Central_{FQDN}_ServiceProviderMetadata.xml) downloads to your computer.

  2. Integrate your identity provider (IdP) with Apex Central using the downloaded service provider metadata XML file.

    For more information on configuring your specific identity provider (IdP), see https://success.trendmicro.com/solution/000241147.

  3. On the Apex Central console:
    1. Go to Administration > Settings > Active Directory and Compliance Settings.

      The Active Directory Settings tab on the Active Directory and Compliance Settings screen appears.

    2. In the Identity provider settings section, provide the following information from your IdP:
      • SSO service URL: Provide the SSO service URL for the IdP logon console.

      • Service identifier: Provide the Issuer URL from the IdP.

      • Signing certificate: Click Choose File to upload the token-signing certificate you copied and saved from the IdP.

    3. Click Save.

      SAML single sign-on is configured and you can now add Active Directory accounts on the Apex Central console.

      For more information, see Adding a User Account.
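
Before integrating the IdP in step 2, it helps to read the downloaded service provider metadata and confirm the values the IdP will be given. The following is an added example, not Trend Micro code: it assumes the file follows the standard SAML 2.0 metadata schema, and the sample XML, host names and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample in standard SAML 2.0 metadata format; the real
# Apex Central file may differ in values and optional elements.
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://apexcentral.example.com/sp">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://apexcentral.example.com/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def summarize_sp_metadata(xml_text):
    """Return the values an IdP relying-party entry needs, plus warnings."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    # Each endpoint as (binding short name, URL the IdP posts the response to)
    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    warnings = []
    if not acs:
        warnings.append("no AssertionConsumerService endpoint")
    for _, loc in acs:
        if not loc.lower().startswith("https://"):
            warnings.append(f"ACS endpoint is not HTTPS: {loc}")
    signed = sp.get("WantAssertionsSigned", "false").lower() in ("true", "1")
    if not signed:
        # Apex Central validates the signature by default, so the IdP must sign.
        warnings.append("WantAssertionsSigned not set; enable signing on the IdP")
    return {"entity_id": root.get("entityID"), "acs": acs,
            "want_assertions_signed": signed, "warnings": warnings}

if __name__ == "__main__":
    print(summarize_sp_metadata(SAMPLE_SP_METADATA))
```

To check the real file, pass the text of Apex_Central_{FQDN}_ServiceProviderMetadata.xml to summarize_sp_metadata and compare the result with the relying-party entry on the IdP.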