Single Sign-On

Cloud App Security supports seamless SAML-based single sign-on (SSO) using your corporate account credentials. After configuring SSO settings, administrators can use their Active Directory, Okta, or Google Workspace account credentials to single sign on to the Cloud App Security management console.

Cloud App Security currently supports either of the following identity providers for SSO:

  • Microsoft Active Directory Federation Services (AD FS) 2.0 and 3.0

  • Azure Active Directory (Azure AD)

  • Okta

  • Google Workspace

To connect Cloud App Security to your organization environment for SSO:

  • Configure the identity provider you use for single sign-on, that is, Azure AD tenant, AD FS federation server, Okta, or Google Workspace.

    A federation server is a computer that runs a specialized web service that can issue, manage, and validate requests for security tokens and identity management. Security tokens consist of a collection of identity claims, such as a user's name or role. The federation server can be configured only for Intranet access to prevent exposure to the Internet.


    If you have a hybrid environment consisting of an Azure AD tenant and an on-premises AD FS federation server, Trend Micro recommends you configure and use Azure AD to ensure proper single sign-on to Cloud App Security.

  • Specify SSO settings on the management console.