Logon Methods

Trend Micro Email Security allows you to control the way that end users access the End User Console.

On the Logon Methods screen, you can enable or disable the following logon methods:

  • Local Account Logon

    If this method is enabled, end users can log on to the End User Console with their user name and password of the local managed accounts they have registered on the End User Console. Enforcing two-factor authentication adds an extra layer of security to the end user accounts.

  • Single Sign-On

    Once you enable single sign-on (SSO) and complete required settings, end users can log on to the End User Console through SSO with their existing identity provider credentials. You can create multiple SSO profiles so that different end users can log on to the End User Console from different identity provider servers through SSO.

    When creating an SSO profile, you need to specify the domains to which the profile applies. Assume that subaccount A manages domain A, B and C, subaccount B manages domain B and subaccount C manages domain C. The relationship between SSO profiles, managed domains and subaccount permissions are as follows:

    SSO Profile

    Managed Domains

    Subaccount Permission

    Profile 1

    Domains A and B

    • Subaccount A: read and edit

    • Subaccount B: read only

    • Subaccount C: cannot read, edit or delete

    Profile 2

    Domain C

    • Subaccount A: read and edit

    • Subaccount B: cannot read, edit or delete

    • Subaccount C: read and edit

    Profile 3

    All domains

    • Subaccount A: read only

    • Subaccount B: read only

    • Subaccount C: read only

    Trend Micro Email Security currently supports the following identity providers for SSO:

    • Microsoft Active Directory Federation Services (AD FS)

    • Azure Active Directory (Azure AD)

    • Okta

Parent topic: End User Management