Before specifying single sign-on (SSO) settings on the administrator console, configure the identity provider you choose for SSO, that is, AD FS 4.0, Azure AD or Okta:
Gather required settings from your identity provider before setting up the administrator console.
The administrator console URL is generated.
If you have to change the unique identifier due to conflict with another identifier, make sure you also change it in your identity provider configuration.
All subaccounts: applies this profile to all subaccounts.
You can create only one profile that is applied to all subaccounts.
Specified subaccounts: applies this profile to specified subaccounts.
Select subaccounts from the Available pane and click Add > to add them to the Selected pane.
Use the logon URL collected from AD FS, Azure AD or Okta configurations.
The logoff URL logs you off and also terminates the current identity provider logon session.
Once you have completed the configuration, log on with a subaccount using the administrator console URL generated in Step 4 to initiate SSO from the identity provider to the Trend Micro Email Security administrator console. The identity claim type specified in Step 6 is used to get the mapping claim value from your identity provider. In this case, Trend Micro Email Security obtains the email address of the logon subaccount and checks if it matches the subaccount email address you set before. If they are matched, you will be successfully logged on to the administrator console with the subaccount.