Configuring Azure AD Settings on TMWS

This section describes how to add Azure AD information on TMWS to connect TMWS with the Azure AD service for user authentication and synchronization.

  1. Log on to the TMWS management console, and go to Administration > USERS & AUTHENTICATION > Directory Services.
  2. Click here on the upper area of the screen.
  3. On the Authentication Method screen that appears, click Azure AD.
  4. Click On or Off to decide whether to allow the AD users of your organization to visit websites through TMWS if their data is not synchronized to TMWS.
    Note:

    Users not synchronized from Azure AD can be authenticated only through known TMWS gateways or the dedicated port for your organization.

  5. Configure Identity Provider Settings as follows:

    Service URL

    Login URL on the Azure AD admin portal

    Logon name attribute

    User claim name corresponding to the user.onpremisessamaccountname claim value on the Azure AD admin portal

    TMWS provides a pre-defined value sAMAccountName for this field. You can use this value or specify a different one. Trend Micro recommends keeping the pre-defined value. If you use a different value, make sure that the values here and in Azure AD are identical.

    Public SSL certificate

    Certificate (Base64) downloaded from the Azure AD admin portal

  6. Configure Synchronization Settings as follows:

    Tenant

    Directory (tenant) ID or Custom domain name on the Azure AD admin portal

    Application ID

    Application (client) ID on the Azure AD admin portal

    Client secret

    Client secret on the Azure AD admin portal

    Synchronization schedule

    Select to synchronize with Azure AD manually or according to a schedule. If you choose Manually, whenever there are changes to Active Directory user information, remember to go back to the Directory Services screen and perform manual synchronization so that information in TMWS remains current.

  7. Click Test Connection to check whether the Azure AD service can be connected successfully.
  8. Click Save.

To ensure successful user authentication between your Azure AD and TMWS, if you have configured in Azure AD to use another authentication server, add the host where the authentication server resides to either the proxy exception list of your browser or to the skiphost list in the PAC files in use.