Configuring Single Sign-On (SSO) using Azure AD Premium Edition for Cloud App Security

    • Updated: 21 Apr 2021
    • Product/Version: Cloud App Security

Summary

Azure Active Directory (Azure AD) is Microsoft's multi-tenant cloud-based directory and identity management service.

This article describes how to configure Azure AD Premium Edition as a SAML (2.0) identity provider for Cloud App Security to use.

Details

Prerequisites

Before you begin configuring Azure AD, make sure that:

  • You have a valid subscription with an Azure AD edition license (Free, Basic, or Premium) that handles the sign-in process and eventually provides the authentication credentials to the Cloud App Security management console.
  • You are logged on to the management console as a Cloud App Security global administrator.

Using Azure AD Premium Edition

  1. Sign in to the Azure management portal at https://portal.azure.com using your Azure AD administrator account.
  2. On the Microsoft Azure main page, click Azure Active Directory.
  3. From the left navigation, go to Enterprise applications > New application.

  4. If the Browse Azure AD Gallery (Preview) screen opens, click Click here to switch back to the legacy app gallery experience.

  5. Under Add an application, click Non-gallery application.

  6. Under the Add your own application area that appears, specify the display name for Cloud App Security in the Name text box (e.g. Trend Micro Cloud App Security) and then click Add.

    The Overview screen of the newly added application should appear.

  7. Under the Getting Started area, click Set up single sign-on.
  8. Select SAML as the single sign-on method.
  9. On the SAML-based Sign-on screen, click the Edit icon. On the Basic SAML Configuration screen that appears, specify the following for your Cloud App Security tenant, and then click Save.

    The configuration should look like this:

    [Screenshot: Configure SSO]

  10. On the Cloud App Security Console, go to Administration > Single Sign-On Settings and then configure the general settings for single sign-on:
    1. Select "Enable SSO".
    2. Select the identity provider in Identity Provider.
    3. Specify the service URL.

      The value depends on the identity provider you configured: Azure AD, AD FS, or Okta.
    4. Specify the application identifier.

      The value depends on the identity provider you configured: Azure AD, AD FS, or Okta.
      1. Go to the Overview screen and record Application ID under the Properties screen. This is also referred to as Application Identifier on the Cloud App Security management console.

      2. Click Single sign-on and record Login URL under the Set up <Your application name> area. This is also referred to as Service URL on the Cloud App Security management console.

      3. (Optional) Under SAML Signing Certificate, click Certificate (Base64) to download a certificate file for Azure AD signature validation on Cloud App Security when it receives SAML tokens issued by Azure AD.

    5. Click Save.
  11. From the left navigation, click Users and groups and then Add user/group.
    1. Under Add Assignment, click Users or Users and groups based on your Active Directory plan level.
    2. Under the Users or Users and groups area that appears, select the users or groups to allow single sign-on to the Cloud App Security management console, click Select and then Assign.
    3. Click Single sign-on from the left navigation and then click Test at the bottom of the screen.
  12. On the Test single sign-on with <your application name> screen that appears, click Sign in as current user or Sign in as someone else if necessary.
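
A pre-flight check for the three values recorded in step 10 (Application ID, Login URL, and the Base64 certificate) before they are entered in the Cloud App Security console. This is an added example, not Trend Micro's or Microsoft's code; it assumes the global Azure cloud host login.microsoftonline.com and a Login URL of the form /<tenant-id>/saml2, and the function names and sample values are hypothetical and constructed.

```python
import base64
import hashlib
import re
import ssl
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Assumption: global Azure cloud sign-in host; sovereign clouds use other hosts.
LOGIN_HOSTS = {"login.microsoftonline.com"}


def check_service_url(url):
    """Problems with the Login URL recorded for the Service URL field."""
    parts, problems = urlsplit(url.strip()), []
    if parts.scheme != "https":
        problems.append("not https")
    if (parts.hostname or "") not in LOGIN_HOSTS:
        problems.append("unexpected host")
    segs = parts.path.strip("/").split("/")
    if len(segs) != 2 or not GUID.fullmatch(segs[0]) or segs[1].lower() != "saml2":
        problems.append("path is not /<tenant-id>/saml2")
    return problems


def check_application_id(app_id):
    """Problems with the Application ID recorded for Application Identifier."""
    return [] if GUID.fullmatch(app_id.strip()) else ["not a GUID"]


def cert_thumbprints(pem_text):
    """Decode the Certificate (Base64) download and return its thumbprints."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())  # ValueError if not PEM
    if der[:1] != b"\x30":  # X.509 DER always starts with a SEQUENCE tag
        raise ValueError("payload is not DER-encoded")
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


# Constructed sample values (not from a real tenant, not a real certificate).
SAMPLE_URL = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/saml2"
SAMPLE_APP_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_DER = b"\x30\x82" + b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_service_url(SAMPLE_URL), check_application_id(SAMPLE_APP_ID))
    print(cert_thumbprints(SAMPLE_PEM))
```

Compare the returned thumbprint with the one Azure AD lists for the SAML signing certificate before uploading the file.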
Category: Configure
Solution Id: 000286282