Perform the following steps to allow users to enable single sign-on (SSO) for Apex Central in Okta.

  1. Integrate an on-premises Active Directory (AD).

    1. In Okta, go to Directory > Directory Integrations.
    2. In the Add Directory drop-down box, select Add Active Directory.
    3. Click Download Agent to download the Okta AD agent.

      The Agent Installation window appears.

    4. Click Next to begin installing the AD agent on an on-premises AD server.
    5. Select the desired organizational units (OUs) to connect to Okta, select the username format, and click Next.

      Note: We recommend selecting SAM Account Name.

    6. Select attributes for your user profile and click Next.
    7. Click Done.

      The Import Results screen appears.

    8. Select users to import and click Confirm Assignments.

      A confirmation message appears.

    9. Click Confirm.

  2. Configure AD user profile mappings so that you can convert Okta accounts into NetBIOS domain user account names.

    1. Go to Directory > Profile Editor.
    2. Click Profile.
    3. Under Attributes, click Add Attribute.

      The Add Attribute window appears.

    4. Type "samAccountName" in the Display name and Variable name fields.
    5. Click Save.
  3. On the user profile list, click Mappings.

    The User Profile Mappings screen appears.

  4. Select "samAccountName" in AD and click Save Mappings to map it to "samAccountName" in the Okta user profile.

  5. Create a new application for the Apex Central instance.

    1. Go to Applications > Add Application and select Trend Micro Apex One as a Service.

      The application screen appears.

    2. Click Add.

    3. Enter the base URL and click Done.

    4. Go to the Sign On tab, click View Setup Instructions, and follow the configuration steps that appear.

    5. Configure the username mapping between Okta and the application.

      1. Go to the Trend Micro Apex One as a Service User Profile Mappings screen.
      2. Select Okta to Trend Micro Apex One as a Service.
      3. Define the mapping by selecting an option in the drop-down menu or by specifying an expression, and then click Save Mappings.

        Note: The format accepted by Apex Central is <domain_name>\<samaccountname>. Specify the expression that meets this specification according to your Active Directory.

        Examples:

        • substringBefore( substringAfter(user.email, "@"), ".") + "\" + substringBefore( user.email, "@") (see How to Configure SAML 2.0 for Trend Micro Apex One as a Service, step 8)
        • substringBefore( substringAfter(user.login, "@"), ".") + "\" + user.samAccountName
        • "<domain_name>" + "\" + user.samAccountName

    6. Assign the application to Okta users.

      1. Go to Assign > Assign to People.

        The application assignment window appears.

      2. Locate the user you want to assign the application to and click Assign.

        If the mapping defined in the username mapping step (step 3-e) is correct, the windowsAccountName field shows <domain_name>\<samaccountname> after the application is assigned to the user.

      3. Click Save and Go Back, and then click Done on the Assign Trend Micro Apex One as a Service to People screen to finish.
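
To check a candidate mapping expression before assigning the application, this added Python example (not code from Trend Micro or Okta) re-implements the substringBefore/substringAfter helpers used in the examples above, evaluates the three expressions against a constructed user profile, and validates that each result has the <domain_name>\<samaccountname> shape. It assumes that those helpers return an empty string when the delimiter is absent, and the NetBIOS/sAMAccountName character rules in the regular expression are approximate.

```python
import re

# Constructed sample Okta user profile (not real data), used to check the
# mapping expressions before the application is assigned to anyone.
SAMPLE_USER = {"email": "jdoe@corp.example.com",
               "login": "jdoe@corp.example.com",
               "samAccountName": "jdoe"}

# Stand-ins for Okta's substringBefore/substringAfter; assumption: an absent
# delimiter yields an empty string.
def substring_before(s, delim):
    i = s.find(delim)
    return s[:i] if i >= 0 else ""

def substring_after(s, delim):
    i = s.find(delim)
    return s[i + len(delim):] if i >= 0 else ""

def mapping_from_email(user):
    # substringBefore(substringAfter(user.email, "@"), ".") + "\" + substringBefore(user.email, "@")
    domain = substring_before(substring_after(user["email"], "@"), ".")
    return domain + "\\" + substring_before(user["email"], "@")

def mapping_from_login(user):
    # substringBefore(substringAfter(user.login, "@"), ".") + "\" + user.samAccountName
    domain = substring_before(substring_after(user["login"], "@"), ".")
    return domain + "\\" + user["samAccountName"]

def mapping_fixed_domain(user, domain):
    # "<domain_name>" + "\" + user.samAccountName: use this when the first label
    # of the mail domain (e.g. "mail" in mail.corp.example.com) is not the NetBIOS name.
    return domain + "\\" + user["samAccountName"]

# Apex Central expects <domain_name>\<samaccountname>: a NetBIOS domain name
# (1-15 chars, no dots, whitespace or \/:*?"<>|), one backslash, then a
# sAMAccountName (1-20 chars, no whitespace or "/\[]:;|=,+*?<>). Approximate rules.
_NETBIOS = r'[^\\/:*?"<>|.\s]{1,15}'
_SAM = r'[^"/\\\[\]:;|=,+*?<>\s]{1,20}'
WINDOWS_ACCOUNT_RE = re.compile(rf"^{_NETBIOS}\\{_SAM}$")

def is_valid_windows_account_name(value):
    """True if value has the DOMAIN\\user shape that Apex Central accepts."""
    return bool(WINDOWS_ACCOUNT_RE.match(value))

if __name__ == "__main__":
    checks = [("from email", mapping_from_email(SAMPLE_USER)),
              ("from login", mapping_from_login(SAMPLE_USER)),
              ("fixed domain", mapping_fixed_domain(SAMPLE_USER, "CORP")),
              ("email without @", mapping_from_email({"email": "jdoe"}))]
    for label, value in checks:
        print(f"{label:16} {value!r:18} valid={is_valid_windows_account_name(value)}")
```

A user whose email or login has no "@" produces a bare backslash from the first two expressions, which the check rejects; that is the case in which the fixed-domain form is safer.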

Next, configure Apex One as a Service and Apex Central to authenticate the AD accounts.

  1. Integrate AD with Apex One as a Service.

    For detailed instructions, refer to the KB article Integrate Active Directory (AD) with Apex One as a Service, and follow step 2 of "Synchronize AD information and authenticate AD accounts".

  2. In Apex Central, go to Administration > Account Management > User Accounts.
  3. Click Add.

  4. Select Active Directory user or group, specify the User/Group name, and click Next.

    The Add New User screen appears.

  5. Select the desired role, configure folder options, and click Save.

  6. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
  7. Configure the ADFS settings for Apex Central.

    • Select Enable Active Directory synchronization.
    • Select Enable Active Directory authentication.
    • Specify the SSO service URL and Service identifier, and select the Signing certificate.

      Note: You can retrieve the necessary information from the How to Configure SAML 2.0 for Trend Micro Apex One as a Service tutorial.

    • Click Save.

Finally, verify single sign-on:

  1. In Okta, log in as a user (or a member of a group) that has access to Apex Central.
  2. Click the Trend Micro Apex One as a Service button to initiate single sign-on.