Configure SAML single sign-on
When you configure Trend Micro Cloud One to use SAML single sign-on (SSO), users signing in to your organization's portal can seamlessly sign in to Cloud One without another credential check.
Typically, two people are required to configure Cloud One to use SAML single sign-on (SSO): a Cloud One administrator and an administrator for the identity provider.
Cloud One uses the SAML 2.0 protocol for authentication and has been tested with the following identity providers:
- Active Directory Federation Services (ADFS)
- Azure Active Directory (Azure AD)
In addition, any other identity provider compliant with SAML 2.0 is expected to function with Cloud One.
|Task|Performed by|
|---|---|
|Download the metadata XML for Trend Micro Cloud One|Cloud One Administrator|
|Configure SAML providers|Identity provider Administrator|
|Configure SAML in Trend Micro Cloud One|Cloud One Administrator|
Download the metadata XML for Trend Micro Cloud One
- Log in to Trend Micro Cloud One with Full Access to the Identity and Account permissions.
- Click Administration near the bottom of the page.
- Click the Identity Providers tab on the left.
- Click the Download Metadata XML for Trend Micro Cloud One link, or right-click the link, and select an option to save the file.
This XML file is used to configure SAML on the identity provider. Later, you upload a different XML file, the metadata downloaded from the identity provider, into Cloud One.
Configure SAML identity providers
Configure SAML in Trend Micro Cloud One
- From the Cloud One Identity Providers page, click New.
- From the Identity Provider dialog box, in the Name field, type a name. Any name is accepted, but we recommend one that includes the identity provider, such as Azure AD or Okta.
- In the Metadata XML File box, click the Browse button, then navigate to the metadata file that you downloaded from the identity provider (not Cloud One).
- For the Mapping section (see the explanation in About SAML single sign-on), provide a role and attribute as detailed in the identity provider specific guides.
- Click Save.
In the Mapping section, click + to add more than one Group. You can configure multiple groups to have different access privileges.
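The procedure handles two metadata files, and the upload step requires the one from the identity provider, not the one downloaded from Cloud One. The following added example (not Trend Micro code) checks a SAML 2.0 metadata file before upload: it reports whether the file describes an identity provider or a service provider, and flags a missing signing certificate or a non-HTTPS endpoint. The function name, sample entity IDs and URLs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def classify_metadata(xml_text):
    """Summarise one SAML 2.0 EntityDescriptor before it is uploaded anywhere."""
    # SAML metadata never needs a DTD; refusing one blocks entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    role = "idp" if idp is not None else "sp" if sp is not None else "unknown"
    desc = idp if idp is not None else sp
    endpoints, signing_certs = [], 0
    if desc is not None:
        tag = "md:SingleSignOnService" if role == "idp" else "md:AssertionConsumerService"
        endpoints = [e.get("Location", "") for e in desc.findall(tag, NS)]
        for kd in desc.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor with no "use" attribute covers signing as well.
            if kd.get("use", "signing") == "signing" and kd.find(".//ds:X509Certificate", NS) is not None:
                signing_certs += 1
    problems = []
    if role != "idp":
        problems.append("not identity provider metadata (no IDPSSODescriptor)")
    elif signing_certs == 0:
        problems.append("no signing certificate in IDPSSODescriptor")
    if any(not u.startswith("https://") for u in endpoints):
        problems.append("endpoint not served over https")
    return {"entity_id": root.get("entityID"), "role": role, "endpoints": endpoints,
            "signing_certs": signing_certs, "problems": problems}

# Constructed samples: hypothetical entity IDs and URLs, placeholder certificate.
IDP_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SP_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.com/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(*map(classify_metadata, (IDP_SAMPLE, SP_SAMPLE)), sep="\n")
```

An empty `problems` list with `role` equal to `idp` is the result to expect from the file that goes into the Metadata XML File box.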