This section describes how to add Azure AD information on TMWS to connect TMWS with the Azure AD service for user authentication and synchronization.

Procedure

  1. Log on to the TMWS management console, and go to Administration > USERS & AUTHENTICATION > Directory Services.
  2. Click here on the upper area of the screen.
  3. On the Authentication Method screen that appears, click Azure AD.
  4. Click On or Off to decide whether AD users in your organization whose data has not been synchronized to TMWS are allowed to visit websites through TMWS.
    Note
    Users not synchronized from Azure AD can be authenticated only through known TMWS gateways or the dedicated port for your organization.
  5. Configure Identity Provider Settings as follows:
    Service URL: Login URL on the Azure AD admin portal.
    Logon name attribute: User claim name corresponding to the user.onpremisessamaccountname claim value on the Azure AD admin portal.
    TMWS provides a pre-defined value, sAMAccountName, for this field. You can use this value or specify a different one. Trend Micro recommends keeping the pre-defined value. If you use a different value, make sure that the values here and in Azure AD are identical.
    Public SSL certificate: Certificate (Base64) downloaded from the Azure AD admin portal.
  6. Configure Synchronization Settings as follows:
    Tenant: Directory (tenant) ID or custom domain name on the Azure AD admin portal.
    Application ID: Application (client) ID on the Azure AD admin portal.
    Client secret value: Value on the Client secrets screen on the Azure AD admin portal.
    Synchronization schedule: Select whether to synchronize with Azure AD manually or according to a schedule. If you choose Manually, whenever there are changes to Active Directory user information, remember to go back to the Directory Services screen and perform a manual synchronization so that the information in TMWS remains current.
    Note
    If you choose a schedule, the start time of each automatic synchronization depends on the finish time of the last synchronization. For example, with a daily schedule, the next synchronization takes place about 24 hours after the last synchronization completed.
  7. Click Test Connection to check whether TMWS can connect to the Azure AD service.
  8. Click Save.

What to do next

To ensure successful user authentication between your Azure AD and TMWS, if Azure AD is configured to use another authentication server, add the host where that authentication server resides either to the proxy exception list of your browser or to the skiphost list in the PAC files in use.
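As an added example, not taken from the TMWS documentation or product, the following minimal PAC file sends browser traffic through the TMWS gateway but returns DIRECT for the host of the external authentication server, which is what the skiphost entry above achieves. The proxy address and hostnames are constructed placeholders, and the logic uses only ES5 constructs because many PAC engines do not support newer JavaScript.

```javascript
// Added example PAC file (not Trend Micro's own). Placeholders below are
// constructed: replace them with your TMWS gateway and the host of the
// authentication server that Azure AD redirects users to.
var TMWS_PROXY = "PROXY tmws-gateway.example.invalid:8080";

// Hosts that must bypass the proxy. A leading dot matches the domain and
// every host beneath it; an entry without a dot matches that host only.
var SKIP_HOSTS = [
  "adfs.example.invalid",       // assumed federation server host
  ".sso.corp.example.invalid"   // assumed domain of a second sign-in service
];

// ES5-only suffix check (no String.prototype.endsWith in older PAC engines).
function hasSuffix(str, suffix) {
  return str.length > suffix.length &&
         str.substring(str.length - suffix.length) === suffix;
}

// Exact or domain-suffix match against SKIP_HOSTS. Matching on whole labels
// prevents "evil-adfs.example.invalid" from matching "adfs.example.invalid".
function isSkipHost(host) {
  var h = host.toLowerCase();
  for (var i = 0; i < SKIP_HOSTS.length; i++) {
    var entry = SKIP_HOSTS[i].toLowerCase();
    if (entry.charAt(0) === ".") {
      if (h === entry.substring(1) || hasSuffix(h, entry)) { return true; }
    } else if (h === entry) {
      return true;
    }
  }
  return false;
}

function FindProxyForURL(url, host) {
  // The sign-in exchange must reach the authentication server directly;
  // if the gateway intercepted it before the user is authenticated, the
  // Azure AD logon could not complete.
  if (isSkipHost(host)) { return "DIRECT"; }
  // Everything else goes through TMWS. No "; DIRECT" fallback is appended,
  // so an unreachable gateway does not silently send traffic unfiltered.
  return TMWS_PROXY;
}
```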