Integrating Apex Central with Azure Active Directory (AAD)

    • Updated: 8 Jul 2021
    • Product/Version: Apex Central All.All; Apex One as a Service All.All; Control Manager 7.0
Summary

This article describes how to integrate Apex Central with Azure AD (AAD) and enable SSO from AAD to Apex Central. The procedure also applies to Apex One as a Service.

 
  • Apex Central can only obtain AD data from on-premises AD, so you must prepare an on-premises AD environment for synchronization.
  • Apex Central only supports accounts created in on-premises AD.
 
Details

To enable SSO from Azure AD (AAD) to Apex Central, complete the following tasks:

  1. Integrate AAD with on-premises AD by using "Azure AD Connect". For reference, visit this Microsoft article: Custom installation of Azure AD Connect.
  2. In Azure AD panel, go to Enterprise applications.

    Enterprise Application

  3. Create a new application for the Apex Central instance:
    1. Click New Application.

      New Application

    2. Select Non-gallery application, and set a display name for this Apex Central application.

      Non-gallery app

  4. Configure Single sign-on of Apex Central application:
    1. Go to the Single sign-on page.

      SSO page

    2. Select SAML-based Sign-on as the Sign on mode.

      SAML-based Sign-on

    3. Edit Basic SAML Configuration and configure SAML Settings:
      • https://<host-to-your-ApexCentral>/
      • https://<host-to-your-ApexCentral>/WebApp/login.aspx

      Basic SAML Config

    4. Edit User Attributes & Claims to add a custom attribute with the following settings:
      1. Click Add new claim.

        Add new claim

      2. Configure the custom claim settings:
        • Name: windowsaccountname_TM
        • Namespace: http://schemas.microsoft.com/ws/2008/06/identity/claims

        Manage claim

      3. Change Source type to Transformation and configure the following parameters:
        • Transformation: Join()
        • Parameter 1: user.netbiosname
        • Separator: \
        • Parameter 2: user.onpremisessamaccountname

        Manage Transformation

    5. Confirm the settings.

      Confirm Settings

    6. Assign users who can log in to the Apex Central application.
      1. Go to User and group in the application dashboard and click Add user.

        Add User

      2. Click User and groups and select a user or group.

        Select User or Group

      3. After you click Assign, the selected items appear in the dashboard.

        User and groups list
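
The custom claim configured above should reach Apex Central as a single NETBIOS\account value. The following added example (not part of the original article or of any Trend Micro tool) checks that claim in an assertion captured from your own test sign-in; the function names, the EXAMPLE\jdoe value and the assumption that the attribute Name is the Namespace and Name joined by "/" are illustrative, and the script does not verify the SAML signature.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumption: the emitted attribute Name is Namespace + "/" + Name from the claim settings.
CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname_TM"


def check_claim(assertion_xml):
    """Return (ok, detail) for the windowsaccountname_TM attribute of an assertion."""
    root = ET.fromstring(assertion_xml)
    values = [v.text or ""
              for a in root.iter("{%s}Attribute" % NS) if a.get("Name") == CLAIM
              for v in a.iter("{%s}AttributeValue" % NS)]
    if len(values) != 1:
        return False, "expected exactly one value, found %d" % len(values)
    # Join(user.netbiosname, "\", user.onpremisessamaccountname) needs both parts;
    # an account without on-premises attributes cannot supply them.
    domain, sep, account = values[0].partition("\\")
    if not (sep and domain and account) or "\\" in account:
        return False, "not NETBIOS\\account: %r" % values[0]
    return True, values[0]


def sample_assertion(value=None):
    """Constructed, unsigned assertion fragment for the demo (not real IdP output)."""
    attr = ""
    if value is not None:
        attr = ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
                '</saml:AttributeValue></saml:Attribute>' % (CLAIM, value))
    return ('<saml:Assertion xmlns:saml="%s"><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>' % (NS, attr))


if __name__ == "__main__":
    # Constructed inputs: a well-formed value, two malformed ones, and a missing claim.
    for value in ("EXAMPLE\\jdoe", "jdoe", "EXAMPLE\\", None):
        print(repr(value), "->", check_claim(sample_assertion(value)))
```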

  1. Integrate AD with Apex One as a Service.
    For detailed instructions, visit the Integrate Active Directory (AD) with Apex One as a Service support page and go to step 2 of Synchronize AD information and authenticate AD accounts.
  2. In Apex Central, go to Administration > Account Management > User Accounts.
  3. Click Add.

    Add user

  4. Select Active Directory user or group, specify the User/Group name, and click Next.

    Choose AD User

    The Add New User screen appears.

  5. Select the desired role, configure folder options and access rights, and then click Save.

    Select Role

  6. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
  7. Configure ADFS for Apex Central.
    • Tick Enable Active Directory synchronization and Enable Active Directory authentication.

      AD and Compliance Settings

    • Specify the SSO service URL and Service identifier, and select the Signing certificate.

      Field name on Apex Central Setting page | Azure AD SSO Attribute Name
      SSO service URL                         | Login URL
      Server identifier                       | Azure AD Identifier
      Server certificate                      | certificate downloaded from AAD enterprise application

      SAML Sign Certificate

Identity Provider (IdP) initiated SSO

  1. Go to https://account.activedirectory.windowsazure.com/.
  2. Click the application to initiate a single sign-on to Apex Central.

    Click Apex Central

SP initiated SSO

  1. Enter an AD user in the Apex Central login console. The browser redirects to Azure.

    Enter Credentials

    Azure Login

  2. After authentication, the page will be redirected back to Apex Central.

    Apex Central console

Category: Configure
Solution Id: 1120631