Trend Micro Email Security allows you to control the way that administrator subaccounts and superadmin accounts access the administrator console.
On the Logon Methods screen, you can enable or disable the following logon methods:
Local Account Logon
If this method is enabled, subaccounts and superadmin accounts can log on to the administrator console with their user name and password. Enforcing two-factor authentication adds an extra layer of security to the accounts.
Once you enable single sign-on (SSO) and complete required settings, subaccounts and superadmin accounts can log on to the administrator console through SSO with their existing identity provider credentials. You can create multiple SSO profiles so that different accounts can log on to the administrator console from different identity provider servers through SSO.
Trend Micro Email Security currently supports the following identity providers for SSO:
Microsoft Active Directory Federation Services (AD FS)
Azure Active Directory (Azure AD)