Active Directory Federation Services (AD FS) 2.0 provides support for claims-aware identity solutions that involve Windows Server and Active Directory technology. AD FS 2.0 supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols.
This section describes how to configure AD FS 2.0 as a SAML server to work with Hosted Email Security. Make sure you have installed AD FS 2.0 successfully.
No encryption certificate is required, and HTTPS will be used for communication between Hosted Email Security and federation servers.
Specify the SAML 2.0 SSO service URL for your region as follows:
Europe, the Middle East, Africa: https://euq.hes.trendmicro.eu/uiserver/euq/ssoAssert
Other regions: https://euq.hes.trendmicro.com/uiserver/euq/ssoAssert
Specify the identifier for the relying party trust for your region as follows:
Europe, the Middle East, Africa: https://euq.hes.trendmicro.eu/uiserver/euq/ssoLogin
Other regions: https://euq.hes.trendmicro.com/uiserver/euq/ssoLogin
When configuring federation server settings on Hosted Email Security, make sure you use the same claim types specified in the Outgoing Claim Type column.
When typing the URL, replace ADFS_host_name with the host name or IP address of the server where you configured AD FS.
If you see the message "You are signed in.", your configuration is correct, and you are redirected to the AD FS server.
If you fail to sign in, review the settings you configured in the previous steps.
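If sign-in fails, a common thing to rule out is a region mix-up between the relying party identifier and the SSO service URL. The following PowerShell check is an added example, not part of the original documentation; the function name, region labels and sample object are hypothetical, and the property names assume the object returned by Get-ADFSRelyingPartyTrust in the AD FS 2.0 PowerShell snap-in.

```powershell
# Region base URLs copied from the page; 'EMEA' and 'Other' are labels chosen for this example.
$HesRegions = @{
    'EMEA'  = 'https://euq.hes.trendmicro.eu/uiserver/euq'
    'Other' = 'https://euq.hes.trendmicro.com/uiserver/euq'
}

# Hypothetical helper: returns a list of findings (empty when the trust matches the region).
function Test-HesRelyingPartyTrust {
    param(
        [Parameter(Mandatory=$true)] [ValidateSet('EMEA','Other')] [string] $Region,
        [Parameter(Mandatory=$true)] $Trust
    )
    $base      = $HesRegions[$Region]
    $findings  = @()
    $endpoints = @($Trust.SamlEndpoints | Where-Object { $_ })

    # The relying party identifier must be the ssoLogin URL of the chosen region.
    if (@($Trust.Identifier) -notcontains "$base/ssoLogin") {
        $findings += "Identifier is not $base/ssoLogin"
    }
    # The SAML 2.0 SSO service URL must be the ssoAssert URL of the same region.
    if (@($endpoints | Where-Object { "$($_.Location)" -eq "$base/ssoAssert" }).Count -eq 0) {
        $findings += "No SAML endpoint at $base/ssoAssert"
    }
    # Endpoints outside the region's base URL (other region, or plain HTTP) are flagged.
    foreach ($ep in $endpoints) {
        if ("$($ep.Location)" -notlike "$base/*") {
            $findings += "Endpoint outside ${Region} base URL: $($ep.Location)"
        }
    }
    # The page states that no encryption certificate is required; report one if present.
    if ($Trust.EncryptionCertificate) {
        $findings += 'Note: an encryption certificate is configured, but none is required'
    }
    return ,$findings
}

# Constructed sample: EMEA identifier paired with the "other regions" SSO service URL.
$sample = New-Object PSObject -Property @{
    Identifier            = @('https://euq.hes.trendmicro.eu/uiserver/euq/ssoLogin')
    SamlEndpoints         = @(New-Object PSObject -Property @{
        Location = [Uri]'https://euq.hes.trendmicro.com/uiserver/euq/ssoAssert' })
    EncryptionCertificate = $null
}
Test-HesRelyingPartyTrust -Region EMEA -Trust $sample

# On the federation server, feed it the real trust instead of the sample:
# Add-PSSnapin Microsoft.Adfs.PowerShell
# Test-HesRelyingPartyTrust -Region EMEA -Trust (Get-ADFSRelyingPartyTrust -Name '<your trust display name>')
```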