Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Integrating Control Manager (TMCM), Apex Central or Apex One as a Service with Okta

    • Updated:
    • 11 Jun 2020
    • Product/Version:
    • Apex Central 2019
    • Apex One as a Service
    • Control Manager 7.0
    • Platform:
    • Windows 2008
    • Windows 2008 Datacenter
    • Windows 2008 Datacenter R2
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Enterprise R2
    • Windows 2008 R2
    • Windows 2008 Server
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
    • Windows 2012 Datacenter
    • Windows 2012 Datacenter R2
    • Windows 2012 Enterprise
    • Windows 2012 Server
    • Windows 2012 Server Essentials
    • Windows 2012 Server R2
    • Windows 2012 Standard
    • Windows 2012 Standard R2
    • Windows 2012 Web Server Edition
    • Windows 2016
    • Windows 2016 Datacenter
    • Windows 2016 Server
    • Windows 2016 Standard
    • Windows 2019 Server
Summary

Okta is a service which offers secure identity management and single sign-on to any application.

This article gives the procedure of integrating with Okta, and this procedure can be applied on on-premise TMCM, Apex Central and Apex One as a Service.

Based on the content of this article, it is also possible that customers can figure out how to connect to other Identity Providers (IDP).

Details
Public

Perform the following steps to allow users to enable single sign-on (SSO) for Apex Central in Okta.

  1. Integrate an on-premises Active Directory (AD).

    1. In Okta, go to Directory > Directory Integrations.

      Directory Integrations

    2. In the Add Directory drop-down box, select Add Active Directory.

      Add Active Directory

    3. Click Download Agent to download the Okta AD agent.

      download Okta AD agent

      The Agent Installation window appears.

    4. Click Next to begin installing the AD agent on an on-premises AD server.

      install AD agent

    5. Select the desired organizational units (OUs) to connect to Okta, select the username format, and click Next.

       
      We recommend selecting SAM Account Name.
       

      Select OUs

    6. Select attributes for your user profile and click Next.

      Click Next

    7. Click Done.

      Click Done

      The Import Results screen appears.

    8. Select users to import and click Confirm Assignments.

      Confirm Assignments

      A confirmation message appears.

    9. Click Confirm.

      Click Confirm

  2. Configure AD user profile mappings so that you can convert Okta accounts into NETBIOS domain user account names.

    1. Go to Directory > Profile Editor.
    2. Click Profile.

      Click Confirm

    3. Under Attributes, click Add Attribute.

      Add Attribute

      The Add Attribute window appears.

    4. Type "samAccountName" in the Display name and Variable name fields.
    5. Click Save.

      Click Save

  3. On the user profile list, click Mappings.

    Click Mappings

    The User Profile Mappings screen appears.

  4. Select "samAccountName" in AD and click Save Mappings to map it to "samAccountName" in the Okta user profile.

    Save Mappings

  5. Create a new application for the Apex Central instance.

    1. Go to Applications > Add Application and select Trend Micro Apex One as a Service.

      Select Apex One As a Service

      The application screen appears.

    2. Click Add.

      Click Add

    3. Enter the base URL and click Done.

      Click Done

    4. Go to the Sign On tab, click View Setup Instructions and follow the configuration steps that appear to configure the settings.

      follow configuration steps

    5. Configure the username mapping between Okta and the application.

      1. Go to the Trend Micro Apex One as a Service User Profile Mappings screen.
      2. Select Okta to Trend Micro Apex One as a Service.
      3. Define the mapping by selecting an option in the drop-down menu or by specifying an expression, and then click Save Mappings.

        Click Save Mappings

         
        The format accepted by Apex Central is <domain_name>\<samaccountname>. Specify the expression that meets this specification according to your Active Directory.
         

        Examples:

        • substringBefore( substringAfter(user.email, "@"), ".") + "\" + substringBefore( user.email, "@") (How to Configure SAML 2.0 for Trend Micro Apex One as a Service - Step 8)
        • substringBefore( substringAfter(user.login, "@"), ".") + "\" + user.samAccountName
        • "<domain_name>"+ "\" + user.samAccountName
    6. Assign the application to Okta users.

      1. Go to Assign > Assign to People.

        Assign to People

        The application assignment window appears.

      2. Locate the user you want to assign the application to and click Assign.

        Assign to People

        If the mapping defined in step 3-e is correct, then the value of the windowsAccountName field will be <domain_name>\<samaccountname> after assigning the application to a user.

        value of windowsAccountName

      3. Click Save and Go Back, and then click Done on the Assign Trend Micro Apex One as a Service to People screen to finish.
  1. Integrate AD with Apex One as a Service.

    For detailed instructions, refer to the KB article: Integrate Active Directory (AD) with Apex One as a Service and go to step 2 of Synchronize AD information and authenticate AD accounts.

  2. In Apex Central, go to Administration > Account Management > User Accounts.
  3. Click Add.

    Click Add

  4. Select Active Directory user or group, specify the User/Group name, and click Next.

    Click Next

    The Add New User screen appears.

  5. Select the desired role, configure folder options, and click Save.

    Click Save

  6. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
  7. Configuring ADFS for Apex Central.

    • Select Enable Active Directory synchronization.
    • Select Enable Active Directory authentication.
    • Specify the SSO service URL and Service identifier, and select the Signing certificate.

      Click Save

       
      You can retrieve the necessary information from the How to Configure SAML 2.0 for Trend Micro Apex One as a Service tutorial.
       

      Select Signing certificate

    • Click Save.
  1. In Okta, log in as a user of the group/user that has access to Apex Central.
  2. Click the Trend Micro Apex One as a Service button to initiate single sign-on.

    initiate single sign-on

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1120189
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.