Authentication Agent Configuration

Prepare a computer on which to install the Authentication Agent.

TMWS supports the following operating systems for the agent and the AD server:
  • Windows Server 2012 and 2012 R2

  • Windows Server 2016

  • Windows Server 2019

If you want to authenticate roaming users and Active Directory users transparently:

  • Be sure that the computer has a public IP address or a publicly resolvable FQDN.

  • Do not add the IP address or FQDN to the PAC file's skiphosts section or to the browser's proxy bypass list.

  1. Download the agent installation package.
  2. Copy the installation package to the computer that you prepared for the agent and then extract the content of the package.
  3. Execute the .msi file to launch the installation wizard and then follow the prompts to complete the installation.
  4. From the Trend Micro IWSaaS Authentication Agent dialog box, configure the following:



    Auth Agent Port

    Type the port where the Authentication Agent operates. If you change the default 443 port, also change the firewall settings to give incoming traffic access to the new port for the Authentication Agent.

    Transparent Authentication Port

    Type the port number used for transparent authentication.

    Be sure to configure firewall settings for TMWS to allow incoming traffic through the transparent authentication port.

    LDAP Server Address

    Type the Active Directory server address.

    If you use a global catalog server or a trusting domain, set the port number to 3268 or 3269 based on whether the corresponding server uses LDAP or LDAPS.

    Base DN

    Type name used by the Active Directory server as a reference point when querying Active Directory.

    LDAP Admin Account (Username and Password)

    Type the Active Directory authentication credentials.

  5. Follow these steps if you need to replace the currently installed Trend Micro self-signed root certificate with your organization's certificate (for example, to increase security or to prevent warning messages from showing on end users' browsers):
    1. Click Replace IWSaaS Certificate.
    2. In the new window that displays, specify your organization's public certificate, private key, and public certificate chain, and then click OK.

      Use a public certificate if you do not have a public certificate chain.

  6. Click Apply.
  7. On the TMWS management console, go to Administration > USERS & AUTHENTICATION > Directory Services and configure settings. For details, see Agent Authentication.