This section describes how to add Microsoft Entra ID information on TMWS to connect TMWS with the Microsoft Entra ID
service for user authentication and synchronization.
Procedure
- Log on to the TMWS management console, and go to .
- Click here on the upper area of the screen.
- On the Authentication Method screen that appears, click Microsoft Entra ID.
- Click On or Off to decide whether to allow the AD users of your organization to visit websites through TMWS if their data is not synchronized to TMWS.
Note
Users not synchronized from Microsoft Entra ID can be authenticated only through known TMWS gateways or the dedicated port for your organization.
- Configure Identity Provider Settings as follows:
  - Service URL: Login URL on the Microsoft Entra ID admin portal
  - Logon name attribute: User claim name corresponding to the user.onpremisessamaccountname claim value on the Microsoft Entra ID admin portal. TMWS provides a pre-defined value sAMAccountName for this field. You can use this value or specify a different one. Trend Micro recommends keeping the pre-defined value. If you use a different value, make sure that the values here and in Microsoft Entra ID are identical.
  - Public SSL certificate: Certificate (Base64) downloaded from the Microsoft Entra ID admin portal
- Configure Synchronization Settings as follows:
  - Tenant: Directory (tenant) ID or Custom domain name on the Microsoft Entra ID admin portal
  - Application ID: Application (client) ID on the Microsoft Entra ID admin portal
  - Client secret value: Value on the Client secrets screen on the Microsoft Entra ID admin portal
  - Synchronization schedule: Select to synchronize with Microsoft Entra ID manually or according to a schedule. If you choose Manually, whenever there are changes to Active Directory user information, remember to go back to the Directory Services screen and perform manual synchronization so that information in TMWS remains current.
Note
If you choose a schedule, the time to start automatic synchronization depends on the finish time of the last synchronization. For example, for a daily schedule, the next synchronization would take place about 24 hours after the last synchronization is completed.
- Click Test Connection to check whether the Microsoft Entra ID service can be connected successfully.
- Click Save.
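A pre-flight check for the values entered in the Identity Provider Settings and Synchronization Settings steps, as an added example (not Trend Micro code). It assumes the Login URL is HTTPS and may carry the tenant GUID in its path, that the Application (client) ID is a GUID, that a GUID pasted as the client secret is the Secret ID rather than the Value, and that the Base64 certificate file is PEM-wrapped; `preflight` and `SAMPLE_PEM` are hypothetical names.

```python
import base64
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}")
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: a 5-byte DER SEQUENCE in PEM armor, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
              + "\n-----END CERTIFICATE-----\n")

def preflight(service_url, cert_pem, tenant, app_id, client_secret):
    """Return a list of problems in the values about to be entered in TMWS."""
    problems = []
    url = urlparse(service_url.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("Service URL: must be an https:// URL")
    tenant = tenant.strip()
    if GUID.fullmatch(tenant):
        # Assumption: a GUID in the Login URL path is the tenant ID.
        in_url = GUID.search(url.path)
        if in_url and in_url.group(0).lower() != tenant.lower():
            problems.append("Tenant: differs from the tenant ID in the Service URL")
    elif not DOMAIN.fullmatch(tenant):
        problems.append("Tenant: expected a directory (tenant) ID or a domain name")
    if not GUID.fullmatch(app_id.strip()):
        problems.append("Application ID: expected a GUID")
    secret = client_secret.strip()
    if not secret:
        problems.append("Client secret value: empty")
    elif GUID.fullmatch(secret):
        problems.append("Client secret value: looks like the Secret ID, not the Value")
    block = PEM.search(cert_pem)
    if not block:
        problems.append("Public SSL certificate: no PEM certificate block found")
    else:
        try:
            der = base64.b64decode("".join(block.group(1).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            der = b""
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            problems.append("Public SSL certificate: body is not Base64-encoded DER")
    return problems

if __name__ == "__main__":
    tid = "11111111-2222-3333-4444-555555555555"  # constructed tenant ID
    print(preflight(f"https://login.microsoftonline.com/{tid}/saml2", SAMPLE_PEM,
                    tid, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", tid))
```

The check only catches malformed or mismatched input; Test Connection remains the step that confirms the values work against the Microsoft Entra ID service.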
What to do next
To ensure successful user authentication between your Microsoft Entra ID and TMWS, if you have configured Microsoft Entra ID to use another authentication server, add the host where the authentication server resides to either the proxy exception list of your browser or the skiphost list in the PAC files in use.