This section describes how to configure SSO and user synchronization settings in Azure AD to work with TMWS.
The Set up Single Sign-On with SAML screen appears.
The Basic SAML Configuration screen appears.
Identifier (Entity ID): Uniquely identifies TMWS for which single sign-on is being configured.
Reply URL (Assertion Consumer Service URL): Where TMWS expects to receive the authentication token.
Copy these values from the TMWS management console and paste them here. You can find them under the Service Provider Settings for the Azure Admin Portal area on the Authentication Method screen for Azure AD, reached from Administration > Directory Services > here.
A message appears to confirm that your settings were saved successfully.
A pre-defined name is configured in the Logon name attribute field on the TMWS management console. You can find it under the Identity Provider Settings area on the Authentication Method screen for Azure AD, reached from Administration > Directory Services > here. You can use that name or specify a different one as necessary. Make sure that the value in Azure AD and the value on TMWS are identical.
Click the Download link for the Certificate (Base64) file.
Click Edit to create a new certificate.
On the SAML Signing Certificate screen that appears, click New Certificate.
Change the expiration date as necessary. Trend Micro recommends keeping the default settings: Signing Option: Sign SAML assertion; Signing Algorithm: SHA-256.
Click Save.
A message appears to confirm that your settings were saved successfully.
Click the three dots at the end of this certificate, select Make certificate active, and then click Yes.
The newly created certificate becomes active.
Close the SAML Signing Certificate screen, and under SAML Signing Certificate, click the Download link for the Certificate (Base64) file.
This downloads a file to your browser's specified download area. Later, you will upload the certificate file to TMWS.
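The Identifier (Entity ID), Reply URL, Logon name attribute and signing settings configured above all surface as fields inside the SAML response that Azure AD sends to TMWS, so a quick way to confirm the two sides agree is to read a captured response and compare those fields against the values from the TMWS console. The following is an added example, not Trend Micro's code: the Entity ID, Reply URL and attribute name are assumed placeholders, the SAML response is a constructed sample trimmed to the elements the check reads, and verifying the XML signature itself (which needs an XML-DSig library) is deliberately left out.

```python
"""Compare a SAML response's addressing and attribute fields with the TMWS SP settings.

Added example, not Trend Micro's code. Replace the SP_SETTINGS placeholders with
the values from your own TMWS console. Signature verification needs an XML-DSig
library and is out of scope; this checks only that the fields Azure AD emits
match what was configured in Basic SAML Configuration and on TMWS.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Assumed placeholders for the values shown in the TMWS console.
SP_SETTINGS = {
    "entity_id": "https://tmws.example.invalid/saml/metadata",
    "reply_url": "https://tmws.example.invalid/saml/acs",
    "logon_name_attribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
}

# Constructed sample response (tenant id and user are placeholders).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://tmws.example.invalid/saml/acs">
  <saml:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      </ds:SignedInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://tmws.example.invalid/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://tmws.example.invalid/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>alice@example.invalid</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, sp):
    """Return a list of mismatches; an empty list means every field lines up."""
    problems = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in response"]

    # Signing Option "Sign SAML assertion" puts the Signature inside the Assertion;
    # Signing Algorithm SHA-256 shows up as the rsa-sha256 SignatureMethod.
    sig_method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sig_method is None:
        problems.append("assertion carries no Signature (expected 'Sign SAML assertion')")
    elif sig_method.get("Algorithm") != RSA_SHA256:
        problems.append("signature algorithm is %s, expected RSA-SHA256" % sig_method.get("Algorithm"))

    # Audience must equal the Identifier (Entity ID) entered in Azure AD.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp["entity_id"] not in audiences:
        problems.append("Audience %r does not match Entity ID %r" % (audiences, sp["entity_id"]))

    # Destination and Recipient must both equal the Reply URL (ACS URL).
    conf = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient") if conf is not None else None
    for label, value in (("Destination", root.get("Destination")), ("Recipient", recipient)):
        if value != sp["reply_url"]:
            problems.append("%s %r does not match Reply URL %r" % (label, value, sp["reply_url"]))

    # The attribute name must be identical to the Logon name attribute on TMWS.
    names = [a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)]
    if sp["logon_name_attribute"] not in names:
        problems.append("logon name attribute %r not present; assertion has %r"
                        % (sp["logon_name_attribute"], names))
    return problems


def logon_name(xml_text, attribute_name):
    """Return the value TMWS would read as the logon name, or None if absent."""
    root = ET.fromstring(xml_text)
    for attr in root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            value = attr.find("saml:AttributeValue", NS)
            return value.text if value is not None else None
    return None


if __name__ == "__main__":
    issues = check_response(SAMPLE_RESPONSE, SP_SETTINGS)
    if issues:
        print("\n".join(issues))
    else:
        print("settings match; logon name:", logon_name(SAMPLE_RESPONSE, SP_SETTINGS["logon_name_attribute"]))
```

Run it against a response captured from a browser's SAML trace after swapping in your own console values; any non-empty result points at the exact field (Entity ID, Reply URL, signing option or logon attribute) that was mistyped on one side.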
The Add Assignment screen appears.
A message appears to confirm that your settings were saved successfully.
The newly added client secret appears under the Client secrets area.
Group.Read.All
User.Read.All
A message appears to confirm that your settings were saved successfully. The newly added permissions appear on the API permissions screen.
A message appears to confirm that the admin consent for the requested permissions was successfully granted.
You can also click Custom domain names under Azure Active Directory > Manage and record the domain name in the right pane.