Configure Microsoft Entra ID as a SAML (2.0) identity provider for Trend Vision One to use.

Microsoft Entra ID is a multi-tenant, cloud-based directory and identity management service.
To use Microsoft Entra ID as an identity provider (IdP), you must have a valid subscription with a Microsoft Entra ID edition license (Free, Basic, or Premium). Entra ID then handles the sign-in process and issues the SAML assertion that authenticates the user to the Trend Vision One management console.

Procedure

  1. Create a new enterprise application in the Microsoft Entra ID console.
    1. Sign in to the Microsoft Azure portal using your Microsoft Entra ID administrator account.
    2. Under Azure services, click Microsoft Entra ID.
      On first use, you might need to click More services and search for Microsoft Entra ID.
    3. In the left navigation bar, go to Manage > Enterprise applications.
    4. Click + New application.
    5. On the Browse Microsoft Entra Gallery screen, click + Create your own application.
      The Create your own application window appears.
    6. Specify a display name for the application.
    7. Under What are you looking to do with your application?, select Integrate any other application you don't find in the gallery (Non-gallery).
    8. Click Create.
      The Overview screen for the application appears.
  2. Assign users and roles to the application.
    Important
    If you intend to use the Private Access and Internet Access services in Zero Trust Secure Access, Trend Micro recommends skipping this step. Instead, go to Manage > Properties in the left navigation bar, set the Assignment required? toggle to No, click Save, and then go on to Step 3.
    If user assignment is required, each user who will use the Private Access service and Internet Access service must be assigned to the application individually.
    1. Under Getting Started, click the link in the 1. Assign users and groups section.
    2. Click + Add user/group.
    3. Under Users and groups in the left navigation bar, click None Selected.
    4. Select or search for the users you want to assign, and then click Select.
    5. When you have finished selecting users, click Assign.
      The selected users appear on the Users and groups screen for the application.
  3. Configure single sign-on for the application.
    1. Go to Overview in the left navigation bar.
    2. Under Getting Started, click the link in the 2. Set up single sign on section.
    3. Under Select a single sign-on method, click SAML.
    4. Click Upload metadata file.
    5. Click Select a file and select the metadata XML file downloaded from Identity Providers in the Trend Vision One console.
      For more information on obtaining the Trend Vision One metadata file, see Identity Providers (Foundation Services release).
    6. Click Add to upload the file.
      The Basic SAML Configuration window appears automatically.
    7. Click Save and close the Basic SAML Configuration window.
  4. (Optional) Configure attributes and claims to support IdP-Only SAML Group Accounts.
    1. In the Attributes & Claims section, click Edit.
      The Attributes & Claims screen appears.
    2. For Unique User Identifier (Name ID), ensure that the default value is user.userprincipalname.
    3. Click + Add a group claim to grant selected groups access to Trend Vision One.
    4. Based on the users you assigned to the application, select the most suitable option.
      For more information on selecting groups, see Microsoft Entra ID documentation.
    5. For Source attribute, use the default value Group ID.
    6. Click Save.
      Be sure to copy and retain the claim name of the group claim (by default, http://schemas.microsoft.com/ws/2008/06/identity/claims/groups) to specify as the Group attribute in the Trend Vision One Identity Providers app.
    7. (Optional) Click + Add new claim, specify a name in the Name field, select an attribute for the Source attribute field, and then click Save.
      Trend Micro recommends skipping this step unless you want to use an attribute other than the default, user.userprincipalname, to distinguish users. By default, users are distinguished by their NameID.
      If you choose to complete this step, be sure to copy and retain this claim name to specify as the User attribute in the Trend Vision One Identity Providers app.
    8. Click + Add new claim, specify displayname in the Name field and user.displayname in the Source attribute field, and click Save.
      Be sure to copy and retain this claim name to specify as the User display name attribute in the Trend Vision One Identity Providers app.
    9. Click SAML-based Sign-on to return to the previous screen.
    10. If prompted to test single sign-on with the new application, click No, I'll test later.
  5. In the SAML Certificates section, click Download to obtain the Federation Metadata XML file.
    This file contains the Entra ID entity ID, the single sign-on URLs, and the certificate Entra ID uses to sign SAML assertions. Note the certificate's expiration date: when the certificate is rotated in Entra ID, the metadata must be downloaded and imported into Trend Vision One again, or sign-in fails.
  6. In the Trend Vision One console, add Microsoft Entra ID as an identity provider and import the downloaded metadata file.
    For more information on adding identity providers to Trend Vision One, see Identity Providers (Foundation Services release).
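As an added check that is not part of this page or of Trend Micro's tooling, the following Python script inspects the Federation Metadata XML downloaded in step 5 (entity ID, SSO endpoints, signing-certificate fingerprint) and a decoded SAML response captured from a test sign-in (for example with a browser SAML tracer), and reports whether the assertion carries the NameID, group claim, and display name claim configured in step 4 under the names you will enter in the Identity Providers app. The XML samples, tenant ID, and certificate bytes are constructed placeholders, not real Entra ID output; the claim names are Entra ID's defaults. Standard library only.

```python
"""Check Entra ID federation metadata and a SAML assertion against the
attribute names entered in the Trend Vision One Identity Providers app.
Added example with constructed sample data; not Trend Micro code."""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
# Default claim name Entra ID uses for the group claim added in step 4.3.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Claim Entra ID emits instead of group IDs when a user is in too many groups.
GROUPS_OVERAGE_CLAIM = "http://schemas.microsoft.com/claims/groups.link"
GUID_RE = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

# Constructed placeholders: not a real certificate, not a real tenant.
SAMPLE_CERT_B64 = base64.b64encode(b"placeholder DER bytes, not a real cert").decode()
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
# Constructed decoded SAML response (one user, one group, displayname claim).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@example.com</saml:NameID>
  </saml:Subject><saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayname"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""


def cert_fingerprint(cert_b64):
    """SHA-256 fingerprint of a base64 DER certificate, colon-separated as
    certificate viewers display it, for comparison with the imported cert."""
    der = base64.b64decode("".join(cert_b64.split()))
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())


def parse_idp_metadata(xml_text):
    """Extract entityID, SSO endpoints (by binding) and signing-cert fingerprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means both
            continue
        for x in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(cert_fingerprint(x.text))
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_cert_sha256": certs}


def parse_assertion_claims(xml_text):
    """Return NameID and attributes of the first plaintext assertion.
    Signature verification is the SP's job and is deliberately not done here."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted, or not a SAML response)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": name_id.text if name_id is not None else None,
            "name_id_format": name_id.get("Format") if name_id is not None else None,
            "attributes": attrs}


def vision_one_claim_check(claims, group_attr=GROUPS_CLAIM,
                           display_name_attr="displayname", user_attr=None):
    """Compare assertion claims with the names entered in the Identity Providers
    app. user_attr=None means users are distinguished by NameID (the default).
    Returns a list of problems; an empty list means everything needed is present."""
    problems, attrs = [], claims["attributes"]
    if user_attr is None:
        if not claims["name_id"]:
            problems.append("no NameID; set Unique User Identifier to user.userprincipalname")
    elif len(attrs.get(user_attr, [])) != 1:
        problems.append(f"user attribute {user_attr!r} missing or multi-valued")
    groups = attrs.get(group_attr)
    if groups is None:
        if GROUPS_OVERAGE_CLAIM in attrs:
            problems.append("group overage claim present: too many groups for IDs to be "
                            "emitted; narrow the group option chosen in step 4.4")
        else:
            problems.append(f"group attribute {group_attr!r} missing; add the group claim (step 4.3)")
    elif any(not GUID_RE.match(g) for g in groups):
        problems.append("group values are not Group IDs; check the Source attribute (step 4.5)")
    if len(attrs.get(display_name_attr, [])) != 1:
        problems.append(f"display name attribute {display_name_attr!r} missing (step 4.8)")
    return problems


if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
    print(vision_one_claim_check(parse_assertion_claims(SAMPLE_RESPONSE)) or "claims OK")
```

To use it against real data, replace SAMPLE_METADATA with the contents of the downloaded Federation Metadata XML and SAMPLE_RESPONSE with the base64-decoded SAMLResponse from a test sign-in; the entity ID and fingerprint should match what the Trend Vision One console shows after the import, and an empty problem list means the Group attribute and User display name attribute names you entered match the claims Entra ID actually sends.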