Topics on this page
Okta setup guide
This page applies to new accounts created on or after August 4, 2021, and to accounts upgraded to the new sign in system.
Download the metadata XML for Cloud One
- Log into Cloud One with Full Access to the Identity and Account permissions.
- Click User Management near the bottom of the page.
- Click the Identity Providers tab on the left.
- Click the Download Metadata XML for Trend Micro Cloud One link, or right-click the link, and select an option to save the file.
This XML file will be read in order to configure SAML in Okta. You will use a different XML file to upload into Cloud One later.
Configuring SAML in Okta
Refer to Okta's Documentation for further details on the steps below.
Create your Okta application
- Log in to Okta. If you do not have an Okta account, but you wish to test the functionality, then you can opt for a Developer Account instead.
- Expand and click Applications on the left side. Click Create App Integration, select SAML 2.0 then click Next. Fill in the general settings then click Next.
- Fill in the page as follows:
|Single sign on URL||From the Cloud One metadata XML file, enter the value for
||For example: https://saml.cloudone.trendmicro.com/idpresponse|
|Use this for Recipient URL and Destination URL||Checked|
|Audience URL||From the Cloud One metadata XML file, enter the value for
||For example: https://saml.cloudone.trendmicro.com|
- Leave other general fields as their default values
|Name||name||Unspecified||String.append(user.firstName + " " + user.lastName)|
The above SAML attribute claims are recommendations, you can customize them as need be.
Group Attribute Statements:
|Group||groups||Unspecified||Here you can define exactly what groups you want to allow access. For any group you can put
See the attributes claims guide for more information.
- When done, click Next and select I'm an Okta customer adding an internal app and select the check box for This is an internal app that we have created then click Finish.
If your app requires additional SAML configuration instructions to work with Okta, select the check box for It's required to contact the vendor to enable SAML. Fill in the provided fields to help the Okta support team understand your SAML configuration.
Assign groups to the application
- Click the Assignments tab and assign a group to your application. Ensure users you wish to use are associated with that group.
- You can configure this in Okta's user directory.
Download Okta's metadata
- Click the Sign On tab and click the identity provider metadata link to download the metadata for your application.
Configure SAML in Cloud One
- From the Cloud One Identity Providers page, click New.
- From the Identity Provider dialog box, in the Alias field, type any name, but we recommend that the name include the identity provider, such as Azure AD or Okta.
- In the Metadata XML File box, click the Browse button, then navigate to the metadata file that you downloaded from the identity provider (not Cloud One).
- For the Mapping section (see explanation in About SAML single sign-on) provide a role and attribute as detailed in the next steps.
- Set Role attribute: to:
groups(the value of Name from Group Attribute Statements).
- Set Group to the name of the group, for example
Everyone, then select what access you want that group to have.
- Set Name attribute to:
- Set Locale attribute to:
- Set Timezone attribute to:
- Click Save.
In the Mapping section, click + to add more than one Group. You can configure multiple groups to have different access privileges.
Test SAML SSO
- Log in to Okta as a user who has access to the application.
- Click the new Cloud One application to log in and you will be automatically logged in to Cloud One.
If you are having difficulties, please reference our troubleshooting SAML guide for assistance.