Invite all users in an Active Directory (on-premises) group to sign in to the Trend Vision One console using their identities in the IdP solution.
Procedure
- Make sure that Active Directory Federation Services is configured in to set up SSO authentication between Active Directory (on-premises) and Trend Vision One.For details, see Configuring Active Directory Federation Services.
- Make sure that you have set up connection with Active Directory (on-premises) in to synchronize group data from the identity provider.For details, see Active Directory (on-premises) integration.
- Go to .
- Click Add User Account.
- Select SAML Group.
- Select Active Directory (on-premises) from the Identity provider drop-down list box.
- Enter the email address of a group in Active Directory (on-premises).
- Enter the name of the group.
- Select a Trend Vision One role to assign to the users in the group.To create a custom user role, click Create a custom role in User Roles. For more information, see User Roles.
Note
Creating a custom role leaves the current screen and discards all changes made in the screen. - Add some description about the SAML group.
- Click Add.The group and its members appear in the User Accounts list.
- Make sure that group users verify their email addresses.Users who need to verify their email addresses have an email sent icon (
) in the Status column.Note
-
Users must verify their email addresses to be able to sign in to Trend Vision One.
-
The verification link expires after 24 hours. If the verification link expires, any account with the Configure account settings permission can resend the verification email.
-
If one or more of your domains have been verified using Domain Verification, all SAML users or user group members under a verified domain can be added directly without the need to verify email addresses.
-
- (Optional) When editing an account, enable or disable the account by clicking the toggle in the Status column.