Configuring Okta as a SAML (2.0) identity provider for Trend Micro Vision One

    • Updated: 15 Mar 2021
    • Product/Version: Trend Micro Vision One All
    • Platform: N/A
Summary

Okta is a standards-compliant OAuth 2.0 authorization server that provides cloud identity solutions for your organization. Okta is a single sign-on provider that allows you to manage user access to Trend Micro Vision One.

This article describes how to configure Okta as a SAML (2.0) identity provider for Trend Micro Vision One.

Before you begin configuring Okta, make sure that:

  • You have a valid subscription with Okta that handles the sign-in process and that eventually provides the authentication credentials to the Trend Micro Vision One management console.
  • You are logged on to the management console as a Trend Micro Vision One administrator.
Details
  1. Log in to your Okta organization as a user with administrative privileges.
  2. Click Admin in the upper right, and then navigate to Applications > Applications.
  3. Click Add Application then click Create New App.

  4. Select Web as the Platform and SAML 2.0 as the Sign-on method then click Create.

  5. On the General Settings screen, type a name for Trend Micro Vision One in App name, for example, "Trend Micro XDR" then click Next.

  6. On the Configure SAML screen, specify the following:

    1. Type the Trend Micro Vision One logon URL in Single sign on URL.

      The logon URL can be obtained from the xdrSpMetadata.xml file downloaded from Trend Micro Vision One.

      Open the xdrSpMetadata.xml in a text editor, and then copy the value of the Location attribute for the md:AssertionConsumerService element. Use the copied value as the logon URL.

    2. Select Use this for Recipient URL and Destination URL.

      In the following example, the logon URL is https://example.com/xdr-logon-url.

    3. Specify the audience URI in Audience URI (SP Entity ID).

      The audience URI can be obtained from the xdrSpMetadata.xml file downloaded from Trend Micro Vision One.

      Open the xdrSpMetadata.xml in a text editor, and then copy the value of the entityID attribute for the md:EntityDescriptor element. Use the copied value as the audience URI.

      In the following example, the audience URI is https://example.com/xdr-audience-uri.

    4. For Name ID format, select EmailAddress.
    5. For Application username, select Okta username.
    6. Click Next.

  7. For Are you a customer or partner, select I'm an Okta customer adding an internal app then click Finish.

  8. In the Settings table, under Sign on Methods, download and save the Identity Provider metadata file, and then import this metadata file to Trend Micro Vision One.

  9. Assign the application to groups and add people to groups.

    1. Select Directory > Groups.
    2. Click the groups that you want to assign the application to, and then click Manage Apps.

      The Assign Applications screen appears.

    3. Locate the Trend Micro Vision One application you added and click Assign.
    4. Click Manage People. The Add People to Groups screen appears.
    5. Locate the user you want to allow access to Trend Micro Vision One and add the user to the Trend Micro Vision One group.
    6. Confirm that the application is assigned to the user and group.

      After assigning an application to a group, the system automatically assigns the application to all users in the group.

    7. Repeat the above steps to assign the application to more groups as necessary.
  10. Create the corresponding SAML account in Vision One (the user assigned in the previous step).

Category: Configure
Solution Id: 000261940