Configuring Accounts

Create and manage Trend Vision One user accounts to allow authorized users to access the console or connect third-party apps with APIs.

  1. Go to Account > User Accounts.
  2. Add or edit an account:
    • For new accounts:

      1. Click Add.

      2. Specify an email address for the Account.

      3. Select an Account type.

        Note:
        • You must configure Single Sign-On to select "SAML account" as an account type.

        • The Account must match the SAML user name.

    • For existing accounts:

      1. Click the account email address.

      2. (Optional) To reset and type a new password or resend the verification email, click Reset Password.

        Note:

        Only local accounts can reset their password.

  3. Select a Role.

    To create a custom user role, click Create a custom role in User Roles. For more information, see User Roles.

    Note:

    Creating a new custom role leaves the current screen and discards all changes made on the screen.

  4. Select an Access level.
  5. Generate or delete an authentication token.
    Important:
    • To connect third-party applications with Trend Vision One APIs, you must generate an authentication token. The authentication token requires setting the account Access level to either "API only" or "Trend Vision One console and APIs".

    • Each authentication token is associated with an account and shares the permissions of the selected role for the account. The role must have the necessary permissions to connect to specific APIs. For a list of the necessary permissions, see https://automation.trendmicro.com/xdr/Guides/Authentication.

    • Trend Vision One does not automatically send the authentication token to the user. You must copy the authentication token and send it to the user manually.

    • Once you save and close Account Details, the authentication token is no longer available to view or copy.

    • The expiration period of authentication tokens is configurable. You can view the expiration date in the Account Details panel.

    • This action can only be performed by an account with the Master Administrator role.

  6. Specify the Given name and Surname of the account user.
  7. (Optional) When editing an account, enable or disable the account by clicking the Status toggle.
  8. (Optional) Specify a description for the account.
  9. Click Add or Save.
    • For local accounts:

      • Users must verify the email address and create a password.

        The verification link expires after 24 hours. If the verification link expires, any account with the "Master Administrator" role can resend the verification email message.

    • For SAML accounts:

      • Users must provide their credentials to log on.