Trend Micro Email Security allows you to control the way that administrator subaccounts access the administrator console.
On the Logon Methods screen, you can enable or disable the following logon methods:
Local Account Logon
If this method is enabled, subaccounts can log on to the administrator console with their user name and password. Enforcing two-factor authentication adds an extra layer of security to the subaccounts.
Once you enable single sign-on (SSO) and complete required settings, subaccounts can log on to the administrator console through SSO with their existing identity provider credentials. You can create multiple SSO profiles so that different subaccounts can log on to the administrator console from different identity provider servers through SSO.
Trend Micro Email Security currently supports the following identity providers for SSO:
Microsoft Active Directory Federation Services (AD FS)
Azure Active Directory (Azure AD)