This section describes how to add Microsoft Entra ID information on TMWS to connect TMWS with the Microsoft Entra ID service for user authentication and synchronization.

Procedure

  1. Log on to the TMWS management console, and go to Administration > USERS & AUTHENTICATION > Directory Services.
  2. Click here on the upper area of the screen.
  3. On the Authentication Method screen that appears, click Microsoft Entra ID.
  4. Click On or Off to decide whether to allow the AD users of your organization to visit websites through TMWS if their data is not synchronized to TMWS.
    Note
    Users not synchronized from Microsoft Entra ID can be authenticated only through known TMWS gateways or the dedicated port for your organization.
  5. Configure Identity Provider Settings as follows:
    Service URL: Login URL on the Microsoft Entra ID admin portal
    Logon name attribute: User claim name corresponding to the user.onpremisessamaccountname claim value on the Microsoft Entra ID admin portal. TMWS provides a pre-defined value sAMAccountName for this field. You can use this value or specify a different one. Trend Micro recommends keeping the pre-defined value. If you use a different value, make sure that the values here and in Microsoft Entra ID are identical.
    Public SSL certificate: Certificate (Base64) downloaded from the Microsoft Entra ID admin portal
  6. Configure Synchronization Settings as follows:
    Tenant: Directory (tenant) ID or Custom domain name on the Microsoft Entra ID admin portal
    Application ID: Application (client) ID on the Microsoft Entra ID admin portal
    Client secret value: Value on the Client secrets screen on the Microsoft Entra ID admin portal
    Synchronization schedule: Select to synchronize with Microsoft Entra ID manually or according to a schedule. If you choose Manually, whenever there are changes to Active Directory user information, remember to go back to the Directory Services screen and perform manual synchronization so that information in TMWS remains current.
    Note
    If you choose a schedule, the start time of automatic synchronization depends on the finish time of the last synchronization. For example, for a daily schedule, the next synchronization would take place about 24 hours after the last synchronization is completed.
  7. Click Test Connection to check whether the Microsoft Entra ID service can be connected successfully.
  8. Click Save.
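
The values gathered for steps 5 and 6 can be sanity-checked before they are pasted into the console. This is an added example, not Trend Micro code: the function name, dictionary keys and sample values are assumptions made for illustration, and the client secret check assumes that the Secret ID shown beside Value on the Client secrets screen is a GUID.

```python
import base64, binascii, re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
DOMAIN = re.compile(r"([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}", re.I)
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_settings(s):
    """Return the problems found in the values gathered for steps 5 and 6."""
    problems = []
    url = urlparse(s["service_url"])
    if url.scheme != "https" or not url.hostname:
        problems.append("Service URL is not an https:// URL")
    # The page requires the claim name to be identical on both sides.
    if s["logon_name_attribute"] != s["entra_claim_name"]:
        problems.append("Logon name attribute differs from the Entra ID claim name")
    m = PEM.search(s["certificate"])
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True) if m else b""
    except binascii.Error:
        der = b""
    if not der.startswith(b"\x30"):  # a DER certificate starts with a SEQUENCE tag
        problems.append("Public SSL certificate is not a Base64 (PEM) certificate")
    if not (GUID.fullmatch(s["tenant"]) or DOMAIN.fullmatch(s["tenant"])):
        problems.append("Tenant is neither a tenant ID nor a domain name")
    if not GUID.fullmatch(s["application_id"]):
        problems.append("Application ID is not a GUID")
    # Assumption: the Secret ID column holds a GUID, so a GUID here means the
    # wrong column was copied instead of Value.
    if not s["client_secret"] or GUID.fullmatch(s["client_secret"]):
        problems.append("Client secret is empty or looks like a Secret ID, not the Value")
    return problems

# Constructed sample values, not a real tenant, application, secret or certificate.
_BODY = base64.b64encode(b"\x30\x82\x00\x04" + bytes(4)).decode()
SAMPLE = {
    "service_url": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/saml2",
    "logon_name_attribute": "sAMAccountName",
    "entra_claim_name": "sAMAccountName",
    "certificate": f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n",
    "tenant": "11111111-2222-3333-4444-555555555555",
    "application_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed-secret-value",
}

if __name__ == "__main__":
    for p in check_settings(SAMPLE) or ["no problems found"]:
        print(p)
```

The check only inspects the shape of each value; Test Connection in step 7 remains the check that the Microsoft Entra ID service can actually be reached.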

What to do next

To ensure successful user authentication between Microsoft Entra ID and TMWS, if you have configured Microsoft Entra ID to use another authentication server, add the host where that authentication server resides to either the proxy exception list of your browser or the skiphost list in the PAC files in use.