Active Directory Federation Services (AD FS) provides support for claims-aware identity solutions that involve Windows Server and Active Directory technology. AD FS supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols.
This section uses Windows 2016 as an example to describe how to configure AD FS as a SAML server to work with Trend Micro Email Security. Make sure you have installed AD FS successfully.
No encryption certificate is required, and HTTPS will be used for communication between Trend Micro Email Security and federation servers.
Specify the SAML 2.0 SSO service URL for your region as follows:
Replace <unique_identifier> with a unique identifier. Record the unique identifier, which will be used when you create an SSO profile on the Trend Micro Email Security administrator console.
Replace <domain_name> with any of the following based on your location:
North America, Latin America and Asia Pacific:
Europe, the Middle East and Africa:
Australia and New Zealand:
Specify the identifier for the relying party trust for your region as follows:
When configuring the identity claim type for an SSO profile on Trend Micro Email Security, make sure you use the claim type specified here.
On the Select Rule Template screen, select Send Group Membership as a Claim for Claim rule template and click Next.
On the Configure Rule screen, specify a claim rule name, click Browse under User's group, and select AD groups.
Specify the outgoing claim type and outgoing claim values. For example, type euc_group and the AD group names.
When configuring the group claim type for an SSO profile on Trend Micro Email Security, make sure you use the group claim type specified here.
Logon URL: <adfs_domain_name>/adfs/ls/
Logoff URL: <adfs_domain_name>/adfs/ls/?wa=wsignout1.0