Table of contents

Upgrade a legacy account to use the new sign in system

This page provides instructions for upgrading a legacy Trend Micro Cloud One account to use the new sign-in and accounts system that was launched on August 4th, 2021. It only applies to customers who signed up for Trend Micro Cloud One before this date.

The legacy sign-in system is nearing end of support and will be discontinued on July 11, 2022. Customers must upgrade their login credentials and account before then to retain access to their accounts. When logging into Cloud One, all users of the legacy sign-in system will now see a warning banner reminding them to upgrade.

The new Trend Micro Cloud One sign-in and accounts system provides a number of enhancements to Trend Micro Cloud One platform features, as well as new API endpoints and API keys that provide improved latency and reliability.

Upgrading your account does not impact any existing deployment or configuration in the account, including existing API integrations. After upgrading the account, update your API endpoints and then remove your old API keys.

This is the upgrade process:

  1. Read through Changes to Trend Micro Cloud One accounts to understand the differences between legacy and new accounts.
  2. Create a new login identity using your email address.
  3. Invite other administrators to upgrade using their email addresses.
  4. Complete the account upgrade.
  5. Create new Trend Micro Cloud One API keys.
  6. Update your API clients.
  7. Remove your old API keys.

If you are a Network Security customer, you may have created an API key for adding appliances. You will need to create a new API key as described below and use this new key to add new appliances. You do not need to re-register existing appliances.

Create a new login identity

Once your request is processed, you'll get a banner on the landing page prompting you to upgrade to the new sign-in mechanism.

  1. Click Upgrade Now.

    Trend Micro Cloud One console with banner containing an Upgrade Now button

    If you don't see the banner in your account, upgrade might not be enabled. You can send a request to cloudone_account_upgrade@trendmicro.com to have upgrade enabled for your account.

  2. Provide your email address. This is the email address that you'll use to sign in to your account with the new login system.

    Page with text box for entering email address

  3. Look for the invitation email in your inbox. It has the subject "You're invited to Trend Micro Cloud One".

  4. Click the link in the invitation email, which takes you to the Sign Up page.

    Trend Micro Cloud One Sign Up page

  5. Fill the fields on this page to create a new login with your email address and password.

  6. You'll get another email asking you to confirm your new login and email address. Click the link in the confirmation email, which takes you back to Trend Micro Cloud One to sign in.

  7. Sign in with the email and password you provided in step 5.

    Trend Micro Cloud One Sign In page

  8. After signing in, you are prompted to accept the invitation into your Trend Micro Cloud One account.

    My Invitations page

Now is a great time to set up multi-factor authentication on your account. You can also require multi-factor authentication for all users trying to sign in to your account.

Invite other administrators to upgrade

If your account has multiple administrators and you are a full-access administrator, you will be sent to the account update page after you log in with your new credentials.

User migration

This page shows all of the administrators with local login credentials and their upgrade status. You can use this page to confirm the email address for each user and the role that they should have.

There is no change for users who log in through an external identity provider using SAML. Only users who log in with local credentials need to upgrade.

Select users and click the Invite Selected Users button to send invitations to the other administrators in your account.

Invite users modal

Once you've sent invitations to everyone you want to upgrade, you can click Complete Account Upgrade to finalize the upgrade.

Complete the account upgrade

If you are the only administrator in your account or if all other administrators have updated their credentials, you will be prompted to complete the update process:

Trend Micro Cloud One account upgrade completion prompt

Select Complete update to finish the identity update process.

You can also select Complete Account Update before everyone has accepted their invitations.

Create an API key

  1. On the Trend Micro Cloud One landing page, select User Management.
  2. On the left side of the console, select API Keys.
  3. Select New.
  4. On the screen that appears, enter this information and then select Next:

    • API Key Alias: A friendly name that will help you identify the API key
    • Role: The API key can have access to various Trend Micro Cloud One services, depending on the role assigned.
    • Language: English or Japanese
    • Timezone: Time zone where the API key's user is located.
  5. The API key value is displayed. Copy the value now and save it in a safe location because it can't be displayed again. If you lose it, you will need to create a new API key.

  6. Select Close.

Update your API clients

Update your API client to use the new URLs and send your API keys in the new "Authorization" header, as detailed in the following sections.

New URL

Your old API clients used https://cloudone.trendmicro.com/api/SERVICE/RESOURCE, for example https://cloudone.trendmicro.com/api/network/appliances. These API endpoints have been deprecated in favor of regional endpoints that are faster and more reliable. We intend to shut down the legacy endpoints at the end of 2021.

All legacy accounts located in the us-1 region, so use the following base URLs to access APIs:

Service Base URL Notes
Application Security https://application.us-1.cloudone.trendmicro.com/ No trailing /api for Application Security.
Container Security https://container.us-1.cloudone.trendmicro.com/api/ The API endpoint for Container Security must end in /api, except when it is used in the overrides file to add a cluster. In that situation, it should NOT be included.
endpoint: https://container.us-1.cloudone.trendmicro.com
Fie Storage Security https://filestorage.us-1.cloudone.trendmicro.com/api/  
Network Security https://network.us-1.cloudone.trendmicro.com/api/  
Workload Security https://workload.us-1.cloudone.trendmicro.com/api/  

The Conformity API endpoints are not changing at this time.

New Authorization header

With the old API keys, you provided the API key in the api-secret-key header. You now need to send the new API keys in the Authorization header, like this:

Authorization: ApiKey 1yPmw7lSUQnsCOnR9PNuHROtnlI:7cTPvdoDqEXAMPLEKEY...

For more information, see Making requests with Trend Micro Cloud One API keys.

Remove your old API keys

  1. In Trend Micro Cloud One console, go to Workload Security.
  2. Go to Administration > User Management > API Keys.
  3. Delete the API keys that you are no longer using.

Or, if you would prefer to take a more conservative approach, you can disable the key for a period of time before deleting it:

  1. Select the key.
  2. Select Properties.
  3. In the Properties dialog box, select the Locked Out checkbox and then click OK to disable the key.

If you need to re-enable a disabled key, deselect the Locked Out checkbox.