Configuring Okta

This section describes how to add Trend Micro Email Security as a new application and configure SSO settings in your Okta Admin Console.

  1. Navigate to the Admin Console by clicking Admin in the upper-right corner.
    Note:

    If you are in the Developer Console, click < > Developer Console in the upper-left corner and then click Classic UI to switch over to the Admin Console.

  2. In the Admin Console, go to Applications > Applications.
  3. Click Add Application, and then click Create New App.

    The Create a New Application Integration screen appears.

  4. Select Web as the Platform and SAML 2.0 as the Sign on method, and then click Create.
  5. On the General Settings screen, type a name for Trend Micro Email Security in App name, for example, Trend Micro Email Security Administrator Console, and click Next.
  6. On the Configure SAML screen, specify the following:
    1. Type https://ui.<domain_name>/uiserver/subaccount/ssoAssert?cmpID=<unique_identifier> in Single sign on URL based on your serving site.
      Note:
      In the preceding and following URLs:
      • Replace <unique_identifier> with a unique identifier. Record the unique identifier, which will be used when you create an SSO profile on the Trend Micro Email Security administrator console.

      • Replace <domain_name> with any of the following based on your location:

        • North America, Latin America and Asia Pacific:

          tmes.trendmicro.com

        • Europe, the Middle East and Africa:

          tmes.trendmicro.eu

        • Australia and New Zealand:

          tmes-anz.trendmicro.com

        • Japan:

          tmems-jp.trendmicro.com

    2. Select Use this for Recipient URL and Destination URL.
    3. Type https://ui.<domain_name>/uiserver/subaccount/ssoLogin in Audience URI (SP Entity ID).
    4. Select EmailAddress in Name ID format.
    5. Select Okta username in Application username.
    6. (Optional) Click Show Advanced Settings, and then specify the following:

      This step is required only if you want to configure a logoff URL on the Trend Micro Email Security administrator console. The logoff URL is used to log you off and also terminate the current identity provider logon session.

      1. Next to Enable Single Logout, select the Allow application to initiate Single Logout check box.

      2. Type https://ui.<domain_name>/uiserver/subaccount/sloAssert?cmpID=<unique_identifier> in Single Logout URL.

      3. Type https://ui.<domain_name>/uiserver/subaccount/ssoLogout in SP Issuer.

      4. Upload the logoff certificate in the Signature Certificate area.

        You need to download the logoff certificate from the Trend Micro Email Security administrator console in advance. Go to Administration > Administrator Management > Logon Methods. Click Add in the Single Sign-on section. On the pop-up screen, locate the Identity Provider Configuration section, select Okta as Identity provider and click Download Logoff Certificate to download the certificate file.

      5. Keep the default values for other settings.

    7. Under ATTRIBUTE STATEMENTS (OPTIONAL), specify email in Name, and select Unspecified in Name format and user.email in Value.
      Important:

      When configuring the identity claim type for an SSO profile on Trend Micro Email Security, make sure you use the attribute name specified here.

    8. Click Next.
  7. On the Feedback screen, click I'm an Okta customer adding an internal app, and then click Finish.

    The Sign On tab of your newly created Trend Micro Email Security application appears.

  8. Click View Setup Instructions, record the URL in Identity Provider Single Sign-On URL, and download the certificate in X.509 Certificate.
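
The values entered in step 6 can be checked against a SAML response captured from a test logon, which catches a wrong regional domain or a mismatched attribute name before the SSO profile is created. The following Python check is an added example, not Trend Micro or Okta code; the function names, the sample response and the cmpID value example-cmp-01 are constructed for illustration, and the check compares fields only (it does not verify the XML signature).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def expected(domain, cmp_id):
    # URL patterns from step 6; cmp_id is the unique identifier you recorded.
    base = f"https://ui.{domain}/uiserver/subaccount"
    return {"acs": f"{base}/ssoAssert?cmpID={cmp_id}",
            "audience": f"{base}/ssoLogin"}

def check_response(xml_text, domain, cmp_id, claim="email"):
    """List mismatches between a captured SAML response and the step 6 settings.
    Field comparison only: signature validation is out of scope here."""
    want = expected(domain, cmp_id)
    root = ET.fromstring(xml_text)  # parse only responses you captured yourself
    problems = []
    if root.get("Destination") != want["acs"]:
        problems.append("Destination != Single sign on URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != want["acs"]:
        problems.append("Recipient != Single sign on URL")
    aud = root.find(".//a:AudienceRestriction/a:Audience", NS)
    if aud is None or (aud.text or "").strip() != want["audience"]:
        problems.append("Audience != Audience URI (SP Entity ID)")
    nid = root.find(".//a:Subject/a:NameID", NS)
    if nid is None or nid.get("Format") != EMAIL_FMT:
        problems.append("NameID format is not EmailAddress")
    names = [a.get("Name") for a in root.findall(".//a:AttributeStatement/a:Attribute", NS)]
    if claim not in names:
        problems.append(f"attribute '{claim}' missing")
    return problems

def sample(acs, audience, attr="email"):
    # Constructed, unsigned response for illustration only.
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{acs}">
<a:Assertion><a:Subject>
<a:NameID Format="{EMAIL_FMT}">admin@example.com</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation>
</a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="{attr}"><a:AttributeValue>admin@example.com</a:AttributeValue></a:Attribute></a:AttributeStatement>
</a:Assertion></p:Response>"""

if __name__ == "__main__":
    eu = expected("tmes.trendmicro.eu", "example-cmp-01")
    # Response built for the EU site, checked against the North America domain.
    print(check_response(sample(eu["acs"], eu["audience"]), "tmes.trendmicro.com", "example-cmp-01"))
```

An empty list means the response matches the Single sign on URL, Audience URI, Name ID format and attribute name configured above.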