
Configure SAML single sign-on

When you configure Trend Micro Cloud One to use SAML single sign-on (SSO), users signing in to your organization's portal can seamlessly sign in to Cloud One without another credential check.

Configuring Cloud One to use SAML single sign-on (SSO) typically requires two people: a Cloud One administrator and an administrator for the identity provider.

Cloud One uses the SAML 2.0 protocol for authentication and has been tested with the following identity providers:

  • Active Directory Federation Services (ADFS)
  • Azure Active Directory (Azure AD)
  • Okta
  • Google

In addition, any other identity provider compliant with SAML 2.0 is expected to function with Cloud One.

| Step | Performed by |
| --- | --- |
| Download the metadata XML for Trend Micro Cloud One | Cloud One administrator |
| Configure SAML providers | Identity provider administrator |
| Configure SAML in Trend Micro Cloud One | Cloud One administrator |

Download the metadata XML for Trend Micro Cloud One

Download Cloud One metadata

  1. Log in to Trend Micro Cloud One with an account that has Full Access to the Identity and Account permissions.
  2. Click Administration near the bottom of the page.
  3. Click the Identity Providers tab on the left.
  4. Click the Download Metadata XML for Trend Micro Cloud One link, or right-click the link and select an option to save the file.

This XML file is used to configure SAML. Later, you will upload a different XML file (the metadata from the identity provider) into Cloud One.

Configure SAML identity providers

Configure SAML in Trend Micro Cloud One

Create identity provider

  1. From the Cloud One Identity Providers page, click New.
  2. In the Identity Provider dialog box, type a name in the Name field. Any name works, but we recommend that it include the identity provider, such as Azure AD or Okta.
  3. In the Metadata XML File box, click the Browse button, then navigate to the metadata file that you downloaded from the identity provider (not Cloud One).
  4. In the Mapping section (see the explanation in About SAML single sign-on), provide a role and attribute as detailed in the identity provider-specific guides.
  5. Click Save.

In the Mapping section, click + to add more than one Group. You can configure multiple groups to have different access privileges.
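
Step 3 above requires the identity provider's metadata, not the file downloaded from Cloud One. The following is an added example, not part of Trend Micro's documentation: a pre-upload check in Python that tells the two kinds of SAML 2.0 metadata apart and flags a missing signing certificate or a non-HTTPS sign-on endpoint. The function name, the sample documents and the example.test URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed samples; entity IDs, URLs and certificate text are placeholders.
IDP_SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SP_SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def inspect_metadata(xml_text):
    """Summarise one SAML 2.0 EntityDescriptor and list problems for use as IdP metadata."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    role = "idp" if idp is not None else "sp" if sp is not None else "unknown"
    problems = []
    if role != "idp":
        problems.append("no IDPSSODescriptor: this is not identity provider metadata")
    sso, certs = [], 0
    if idp is not None:
        sso = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
        for kd in idp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without a 'use' attribute applies to signing as well.
            if kd.get("use", "signing") == "signing":
                certs += len(kd.findall(".//ds:X509Certificate", NS))
        if not sso:
            problems.append("no SingleSignOnService endpoint")
        problems += [f"non-HTTPS endpoint: {u}" for u in sso if not u.startswith("https://")]
        if certs == 0:
            problems.append("no signing certificate")
    return {"entity_id": root.get("entityID"), "role": role,
            "sso_endpoints": sso, "signing_certs": certs, "problems": problems}
```

An empty `problems` list means the file has the shape of identity provider metadata; it does not verify the certificate itself or any signature on the metadata.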