Views:

Enable SAML on Smart Check overrides.yaml

Under "auth", add the following values for "saml enabled" and "location":

	auth:
  <other entries>
  saml:
    enabled: true
    location: <Smart Check FQDN or IP>

Update your Smart Check to use updated configuration:
```
	helm upgrade \
  --values overrides.yaml \
  deepsecurity-smartcheck \
  https://github.com/deep-security/smartcheck-helm/archive/master.tar.gz
	
```
- Add parameter -n if you are using different namespace.
- Change master.tar.gz if you are using a specific version of Smart Check.

Setup SAML Configuration in Azure AD

In the Azure console navigate to Enterprise Application > + New Application.
Click +Create your own application, add a name then click Create.
Assign Users and Groups by clicking Users and groups on the left, then click Add user/group. Select the user or group you wish to assign to your application.

Download metadata XML from Smart Check

Get the metadata XML on https://[smartcheck fqdn]/saml.
Upload the metadata XML to your Enterprise Application single sign-on settings in Azure.

Get Azure AD metadata URL and apply it on Smart Check via API call

On a Linux machine, modify and run the following shell script to get a session token:

#!/bin/bash
  
#Create a session, change the target URL to your DSSC
curl -k https://<Smart Check FQDN or IP>/api/sessions --header "Content-Type: application/json" --request POST --data '{
"user": {
"userID": "<user>",
"password": "<password>"
}
}' | jq -r '.token'  > session.json

Change <user> and <password> to your Smart Check administrator user and password.
Change <Smart Check FQDN or IP>.

Make sure that session.json file is created with token content.
Go to Azure web console and get the metadata URL.

Modify and run the following script to register Azure SSO metadata URL:

#!/bin/bash
#Change target URL and metadataURL
 
curl -kv -X POST https://<Smart Check FQDN or IP>:<port>/api/identity-providers/saml -H "Authorization: Bearer $(cat session.json)" -H 'Content-Type: application/json' -d '{
  "name": "IdentityProvider",
  "description": "My SAML identity provider. Contact identity@example.com for support.",
  "metadataURL": "<Metadata URL>",
  "insecureSkipVerify": true
}'

You can change the description.
Change <Smart Check FQDN or IP>.
Change <Metadata URL>.

Verify that API call was successful:

curl -kv -X GET \
  https://<Smart Check FQDN or IP>/api/identity-providers/saml \
  -H "Authorization: Bearer $(cat session.json)"

You should see the correct metadata URL reflected with "status": "ok".

Add Claims

On Azure SSO, click Edit on Claims.
Add a new claim with name RoleSessionName, namespace https://deepsecurity.trendmicro.com/SAML/Attributes and source attribute user.mail.
Add another claim with name Role, namespace https://deepsecurity.trendmicro.com/SAML/Attributes and source attribute administrator.

You should be able to log in to Smart Check console using Azure SSO.

Keywords: integrate azure ad, azure ad integration deep security, smart check integration with azure ad

Azure Active Directory (AD) SAML integration with Trend Micro Deep Security Smart Check

Product / Version includes:

Deep Security All

Last updated: 2025/05/08

Solution ID: KA-0013774

Category: Configure

Summary

Deep Security Smart Check supports SSO integration with identity providers such as Azure AD. This article shows the step-by-step guide on how to integrated Azure AD Security Assertion Markup Language (SAML) with Deep Security Smart Check.

EXPAND ALL

Enable SAML on Smart Check overrides.yaml

Under "auth", add the following values for "saml enabled" and "location":

	auth:
  <other entries>
  saml:
    enabled: true
    location: <Smart Check FQDN or IP>

Update your Smart Check to use updated configuration:
```
	helm upgrade \
  --values overrides.yaml \
  deepsecurity-smartcheck \
  https://github.com/deep-security/smartcheck-helm/archive/master.tar.gz
	
```
- Add parameter -n if you are using different namespace.
- Change master.tar.gz if you are using a specific version of Smart Check.

Setup SAML Configuration in Azure AD

In the Azure console navigate to Enterprise Application > + New Application.
Click +Create your own application, add a name then click Create.
Assign Users and Groups by clicking Users and groups on the left, then click Add user/group. Select the user or group you wish to assign to your application.

Download metadata XML from Smart Check

Get the metadata XML on https://[smartcheck fqdn]/saml.
Upload the metadata XML to your Enterprise Application single sign-on settings in Azure.

Get Azure AD metadata URL and apply it on Smart Check via API call

On a Linux machine, modify and run the following shell script to get a session token:

#!/bin/bash
  
#Create a session, change the target URL to your DSSC
curl -k https://<Smart Check FQDN or IP>/api/sessions --header "Content-Type: application/json" --request POST --data '{
"user": {
"userID": "<user>",
"password": "<password>"
}
}' | jq -r '.token'  > session.json

Change <user> and <password> to your Smart Check administrator user and password.
Change <Smart Check FQDN or IP>.

Make sure that session.json file is created with token content.
Go to Azure web console and get the metadata URL.

Modify and run the following script to register Azure SSO metadata URL:

#!/bin/bash
#Change target URL and metadataURL
 
curl -kv -X POST https://<Smart Check FQDN or IP>:<port>/api/identity-providers/saml -H "Authorization: Bearer $(cat session.json)" -H 'Content-Type: application/json' -d '{
  "name": "IdentityProvider",
  "description": "My SAML identity provider. Contact identity@example.com for support.",
  "metadataURL": "<Metadata URL>",
  "insecureSkipVerify": true
}'

You can change the description.
Change <Smart Check FQDN or IP>.
Change <Metadata URL>.

Verify that API call was successful:

curl -kv -X GET \
  https://<Smart Check FQDN or IP>/api/identity-providers/saml \
  -H "Authorization: Bearer $(cat session.json)"

You should see the correct metadata URL reflected with "status": "ok".

Add Claims

On Azure SSO, click Edit on Claims.
Add a new claim with name RoleSessionName, namespace https://deepsecurity.trendmicro.com/SAML/Attributes and source attribute user.mail.
Add another claim with name Role, namespace https://deepsecurity.trendmicro.com/SAML/Attributes and source attribute administrator.

You should be able to log in to Smart Check console using Azure SSO.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Azure Active Directory (AD) SAML integration with Trend Micro Deep Security Smart Check

Enable SAML on Smart Check overrides.yaml

Setup SAML Configuration in Azure AD

Download metadata XML from Smart Check

Get Azure AD metadata URL and apply it on Smart Check via API call

Add Claims

Azure Active Directory (AD) SAML integration with Trend Micro Deep Security Smart Check

Product / Version includes:

Summary

Enable SAML on Smart Check overrides.yaml

Setup SAML Configuration in Azure AD

Download metadata XML from Smart Check

Get Azure AD metadata URL and apply it on Smart Check via API call

Add Claims