Views:

To set up SSO using Okta:

Log in to your Okta organization as a user with administrative privileges.
Click Admin in the upper-right.

^{Click the image to enlarge.}

If you are in the Developer Console, click < > Developer Console in the upper-left corner, and then click Classic UI to switch over to the Admin Console.
Navigate to Applications > Applications, then click Create App Integration.

^{Click the image to enlarge.}
Select SAML 2.0 as the Sign in method, and then click Next.

^{Click the image to enlarge.}
On the General Settings screen, enter "Trend Micro Email Security" in the App name field, and click Next.

^{Click the image to enlarge.}

On the Configure SAML screen, specify the following:

Note

For the succeeding steps:

Replace <unique_identifier> with a unique identifier. Record the unique identifier, which will be used when you create an SSO profile on the Trend Micro Email Security administrator console.

^{Click the image to enlarge.}

Replace <domain_name> with any of the following based on your location:

Region/Location	Domain
North America, Latin America and Asia Pacific	tmes.trendmicro.com
Europe, the Middle East and Africa	tmes.trendmicro.eu
Australia and New Zealand	tmes-anz.trendmicro.com
Japan	tmems-jp.trendmicro.com
Singapore	tmes-sg.trendmicro.com

Type https://ui.<domain_name>/uiserver/subaccount/ssoAssert?cmpID=<unique_identifier> in Single sign on URL based on your serving site.
Select Use this for Recipient URL and Destination URL.
Type https://ui.<domain_name>/uiserver/subaccount/ssoLogin in the Audience URI in Audience URI (SP Entity ID).
Select EmailAddress in Name ID format.
Select Okta username in Application username.

^{Click the image to enlarge.}
(Optional) Click Show Advanced Settings and specify the following settings:

This step is required only if you want to configure a logoff URL on the Trend Micro Email Security administrator console. The logoff URL is used to log you off and also terminate the current identity provider logon session.
1. Next to Enable Single Logout, select the Allow application to initiate Single Logout check box.
2. Type https://ui.<domain_name>/uiserver/subaccount/sloAssert?cmpID=<unique_identifier> in Single Logout URL.
3. Type https://ui.<domain_name>/uiserver/subaccount/ssoLogout in SP Issuer.
4. Upload the logoff certificate in the Signature Certificate area.
  You need to download the logoff certificate from the Trend Micro Email Security administrator console in advance. Go to Administration > Administrator Management > Logon Methods. Click Add in the Single Sign-on section. On the pop-up screen, locate the Identity Provider Configuration section, select Okta as Identity provider and click Download Logoff Certificate to download the certificate file.
  
  ^{Click the image to enlarge.}
5. Keep the default values for other settings.
  
  ^{Click the image to enlarge.}
Under the Attribute Statements (optional) section, specify the following:

When configuring the identity claim type for an SSO profile on Trend Micro Email Security, make sure you use the attribute name specified here.
- Name: email
- Name format: Unspecified
- Value: user.email
^{Click the image to enlarge.}
Click Next.

On the Feedback screen, click I'm an Okta customer adding an internal app. Select This is an internal app that we have created, and then click Finish.

^{Click the image to enlarge.}
Click the View Setup Instructions button, record the URL in Identity Provider Single Sign-On URL and the certificate content in X.509 Certificate.

^{Click the image to enlarge.}
Assign the application to people.

Make sure to add these users as Administrators in the Trend Micro Email Security management console.
1. Select Directory > People.
  
  ^{Click the image to enlarge.}
2. Click the user that you want to assign the application to, and then click Assign Applications.
  
  ^{Click the image to enlarge.}
3. Locate the Trend Micro Email Security you added, and click Assign.
  
  ^{Click the image to enlarge.}
4. Verify the user name and click Save and Go Back.
  
  ^{Click the image to enlarge.}
5. Confirm that the application is assigned to this user.
  
  ^{Click the image to enlarge.}
6. Repeat the above steps to assign the application to more users as necessary.

Make sure that the user/s you have assigned from Step 9, is added under Administration > Administrator Management > Account Management in order to use it for SSO login.

Keywords: enabling TMEMS SSO using Okta,allow SSO for TMEMS using Okta,add SSO function to TMEMS using Okta

Configuring Okta as an identity provider for Trend Micro Email Security (TMEMS)

Product / Version includes:

Trend Micro Email SecurityAll

Last updated: 2022/03/18

Solution ID: KA-0012764

Category: Configure

Summary

This article shows how to add Trend Micro Email Security as a new application and configure SSO settings on your Okta Admin console.

To set up SSO using Okta:

Log in to your Okta organization as a user with administrative privileges.
Click Admin in the upper-right.

^{Click the image to enlarge.}

If you are in the Developer Console, click < > Developer Console in the upper-left corner, and then click Classic UI to switch over to the Admin Console.
Navigate to Applications > Applications, then click Create App Integration.

^{Click the image to enlarge.}
Select SAML 2.0 as the Sign in method, and then click Next.

^{Click the image to enlarge.}
On the General Settings screen, enter "Trend Micro Email Security" in the App name field, and click Next.

^{Click the image to enlarge.}

On the Configure SAML screen, specify the following:

Note

For the succeeding steps:

Replace <unique_identifier> with a unique identifier. Record the unique identifier, which will be used when you create an SSO profile on the Trend Micro Email Security administrator console.

^{Click the image to enlarge.}

Replace <domain_name> with any of the following based on your location:

Region/Location	Domain
North America, Latin America and Asia Pacific	tmes.trendmicro.com
Europe, the Middle East and Africa	tmes.trendmicro.eu
Australia and New Zealand	tmes-anz.trendmicro.com
Japan	tmems-jp.trendmicro.com
Singapore	tmes-sg.trendmicro.com

Type https://ui.<domain_name>/uiserver/subaccount/ssoAssert?cmpID=<unique_identifier> in Single sign on URL based on your serving site.
Select Use this for Recipient URL and Destination URL.
Type https://ui.<domain_name>/uiserver/subaccount/ssoLogin in the Audience URI in Audience URI (SP Entity ID).
Select EmailAddress in Name ID format.
Select Okta username in Application username.

^{Click the image to enlarge.}
(Optional) Click Show Advanced Settings and specify the following settings:

This step is required only if you want to configure a logoff URL on the Trend Micro Email Security administrator console. The logoff URL is used to log you off and also terminate the current identity provider logon session.
1. Next to Enable Single Logout, select the Allow application to initiate Single Logout check box.
2. Type https://ui.<domain_name>/uiserver/subaccount/sloAssert?cmpID=<unique_identifier> in Single Logout URL.
3. Type https://ui.<domain_name>/uiserver/subaccount/ssoLogout in SP Issuer.
4. Upload the logoff certificate in the Signature Certificate area.
  You need to download the logoff certificate from the Trend Micro Email Security administrator console in advance. Go to Administration > Administrator Management > Logon Methods. Click Add in the Single Sign-on section. On the pop-up screen, locate the Identity Provider Configuration section, select Okta as Identity provider and click Download Logoff Certificate to download the certificate file.
  
  ^{Click the image to enlarge.}
5. Keep the default values for other settings.
  
  ^{Click the image to enlarge.}
Under the Attribute Statements (optional) section, specify the following:

When configuring the identity claim type for an SSO profile on Trend Micro Email Security, make sure you use the attribute name specified here.
- Name: email
- Name format: Unspecified
- Value: user.email
^{Click the image to enlarge.}
Click Next.

On the Feedback screen, click I'm an Okta customer adding an internal app. Select This is an internal app that we have created, and then click Finish.

^{Click the image to enlarge.}
Click the View Setup Instructions button, record the URL in Identity Provider Single Sign-On URL and the certificate content in X.509 Certificate.

^{Click the image to enlarge.}
Assign the application to people.

Make sure to add these users as Administrators in the Trend Micro Email Security management console.
1. Select Directory > People.
  
  ^{Click the image to enlarge.}
2. Click the user that you want to assign the application to, and then click Assign Applications.
  
  ^{Click the image to enlarge.}
3. Locate the Trend Micro Email Security you added, and click Assign.
  
  ^{Click the image to enlarge.}
4. Verify the user name and click Save and Go Back.
  
  ^{Click the image to enlarge.}
5. Confirm that the application is assigned to this user.
  
  ^{Click the image to enlarge.}
6. Repeat the above steps to assign the application to more users as necessary.

Make sure that the user/s you have assigned from Step 9, is added under Administration > Administrator Management > Account Management in order to use it for SSO login.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Configuring Okta as an identity provider for Trend Micro Email Security (TMEMS)

Configuring Okta as an identity provider for Trend Micro Email Security (TMEMS)

Product / Version includes:

Summary