Configuring Azure Active Directory
Configure Azure AD as a SAML (2.0) identity provider for Trend Vision One to use.
Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud based directory and identity management service.
To use Azure Active Directory, you must have a valid subscription with an Azure AD edition license (Free, Basic, or Premium) that handles the sign-in process and eventually provides the authentication credentials to the Trend Vision One management console.
- Sign in to the Azure management portal at https://portal.azure.com using your Azure AD administrator account.
- On the Microsoft Azure main page, click Azure Active Directory. On first use, click More services and find Azure Active Directory.
-
In the left navigation, click Enterprise
applications.
The Enterprise applications | All Applications screen appears.
-
Click New application.
The Browse Azure AD Gallery screen appears.
- Click Create your own application.
-
Type a display name for the application.
For example, type XDR.
- Select Integrate any other application you don't find in the gallery.
- Click Create.
-
(Optional) Assign users and roles:
Important:
If you intent to use the private access service and internet access service in the Zero Trust Secure Access app, Trend Micro recommends that you skip step 9. Instead, go to Properties in the left navigation, disable the User assignment required? toggle, and then proceed to step 10.
If you require user assignment, assign each user individually to use the private access service and internet access service.
-
Under the Getting Started section, click
Assign users and groups.
The Users and groups screen appears.
-
Click Add user.
The Add Assignment screen appears.
-
Click Users.
A new frame for Users appears on the right side of the screen.
-
Click the users you want to assign, and then click
Select.
The number of selected users appear under Users and the Assign button is enabled.
-
Click Assign.
The Users and groups screen appears.
-
In the left navigation, click Overview.
The Overview screen appears.
-
Under the Getting Started section, click
Assign users and groups.
-
Under the Getting Started section, click Set
up single sign on.
The Single sign-on screen appears.
-
Click SAML.
The SAML-based Sign-on screen appears.
-
Click Upload metadata file.
The Upload metadata file window appears.
-
Click Select a file.
A browse file window appears.
-
Browse and open the metadata.xml file that you downloaded in a previous
step.
The browse file window closes.
-
In the Upload metadata file window, click
Add.
The Basic SAML Configuration window appears.
-
Type the Trend Vision One
Identifier (Entity ID).
The Identifier URL can be obtained from the metadata.xml file downloaded from Trend Vision One.
Open the metadata.xml file in a text editor, and then copy the value of the entityID attribute from the EntityDescriptor element. Use the copied value for the Identifier (Entity ID).
In the following example, the value is https://example.com/ID.
<?xml version="1.0"?> <EntityDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" entityID="https://example.com/ID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> ...
- In the User Attributes & Claims section, ensure that the Unique User Identifier is configured to the following: user.userprincipalname
-
Click Save.
The settings are saved.
-
After the settings have been saved, click the close icon in the Basic SAML Configuration window.
The Basic SAML Configuration closes and the SAML-based Sign-on window appears.
- If prompted to test single sign on now, click No, I'll test later.
-
Under the SAML Signing Certificate section, click
Download for Federation Metadata
XML, and then save the file.
Note:
Import this metadata file to Trend Vision One.
