Configuring Azure Active Directory | Trend Micro Service Central

Views:

Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud based directory and identity management service.

Make sure you have a valid subscription in Azure AD that handles the sign-in process and eventually provides the authentication credentials of end users to the End User Console.

On the Azure AD management portal, select an active directory that you want to implement SSO.
Click Enterprise applications in the navigation area on the left and click New application.
On the Browse Azure AD Gallery (Preview) screen, click Create your own application.
On the Create your own application panel that appears on the right, specify a name for your application, for example, Trend Micro Email Security End User Console, and click Create.
Under Getting Started in the overview of your application, click 1. Assign users and groups, click Add user/group, select a specific user or group for this application and click Assign.
In the navigation area of your application, click Single sign-on.
Click SAML to configure the connection from your application to Azure AD using the SAML protocol.
1. Under Basic SAML Configuration, click Edit, specify the identifier and reply URL, and click Save.
  Note:
  Specify the identifier for your region as follows:
  
  https://euc.<domain_name>/uiserver/euc/ssoLogin
  
  Specify the reply URL for your region as follows:
  
  https://euc.<domain_name>/uiserver/euc/ssoAssert?cmpID=<unique_identifier>
  In the preceding and following URLs:
  - Replace <unique_identifier> with a unique identifier. Record the unique identifier, which will be used when you create an SSO profile on the Trend Micro Email Security administrator console.
  - Replace <domain_name> with any of the following based on your location:
    
    North America, Latin America and Asia Pacific:
    
    tmes.trendmicro.com
    
    Europe and Africa:
    
    tmes.trendmicro.eu
    
    Australia and New Zealand:
    
    tmes-anz.trendmicro.com
    
    Japan:
    
    tmems-jp.trendmicro.com
    
    Singapore:
    
    tmes-sg.trendmicro.com
    
    India:
    
    tmes-in.trendmicro.com
    
    Middle East (UAE):
    
    tmes-uae.trendmicro.com
  Click No, I'll test later when you are prompted to choose whether to test single sign-on with Trend Micro Email Security End User Console. You are advised to perform a test after all SSO settings are complete.
2. Under User Attributes & Claims, click Edit, and specify the identity claim.
  User attributes and claims are used to get the email addresses of logon accounts to authenticate their identity. By default, the source attribute user.mail is preconfigured to get the email addresses. If the email addresses in your organization are defined by another source attribute, do the following to add a new claim name:
  
  Click Add new claim. On the Manage claim screen, specify the claim name, leave Namespace empty, select Attribute as Source, select a value from the Source attribute drop-down list, and click Save.
  
  Important:
  When configuring the identity claim type for an SSO profile on Trend Micro Email Security, make sure you use the claim name specified here.
  
  (Optional) Click Add a group claim. On the Group Claims screen, specify the groups associated with the end user, select Group ID as Source attribute, select Customize the name of the group claim, specify the group claim name, for example, euc_group, and click Save.
  
  Important:
  When configuring the group claim type for an SSO profile on Trend Micro Email Security, make sure you use the group claim name specified here.
3. Under SAML Signing Certificate, click Edit, specify an email address for Notification Email Addresses, and click Save. Click Download next to Certificate (Base64) to download a certificate file for Azure AD signature validation on Trend Micro Email Security.
4. Under Set up Trend Micro Email Security End User Console, record the login and logout URLs.