Configuring Single Sign-On

  1. Go to Administration > End-User Management > Logon Methods.

    The Logon Methods screen appears.

    Note:

    If you want to allow end users to log on with their own accounts to the End User console, click the toggle button to enable User Account Logon.

  2. In the Single Sign-On section, configure the general settings for single sign-on (SSO).
    1. Click the toggle button to enable SSO.
    2. Specify a unique identifier.

      The End-User Quarantine console URL is generated.

  3. Configure federation server settings for SSO.
    1. Specify the logon and logoff URLs for your federation server.
      Note:

      Use the logon URLs collected from AD FS or Azure AD configurations.

  4. Configure attribute mapping settings for SSO.
    1. Specify claim types based on the outgoing claim types you configured for AD FS or Azure AD.
    2. Select Certificate file to enable signature check.
    3. Next to Certificate file, click Choose File to locate the certificate file you downloaded from AD FS or Azure AD configurations.
  5. Click Save.
    Note:

    To allow end users to directly access the End-User Quarantine console from the AD FS Sign-In Pages, change the relying party SAML 2.0 SSO service URL you specified on the AD FS management console into either of the following:

    • Europe, the Middle East, Africa: https://euq.hes.trendmicro.eu/uiserver/euq/ssoAssert?cmpID=Unique_Identifier

    • Other regions: https://euq.hes.trendmicro.com/uiserver/euq/ssoAssert?cmpID=Unique_Identifier

    Replace Unique_Identifier in the preceding URL with the actual unique identifier you set in Step 2.

Parent topic: About Logon Methods