Configure SAML single sign-on

When you configure Trend Cloud One to use SAML single sign-on (SSO), users signing in to your organization's portal can seamlessly sign in to Trend Cloud One without another credential check.

Typically, there are two people required to configure Trend Cloud One to use SAML single sign-on (SSO): a Trend Cloud One administrator and an administrator for the identity provider.

Trend Cloud One uses the SAML 2.0 protocol for authentication and has been tested with the following identity providers:

• Active Directory Federation Services (ADFS)
• Microsoft Entra ID
• Okta
• Google

In addition, any other identity provider compliant with SAML 2.0 is expected to function with Trend Cloud One.

Download the metadata XML for Trend Cloud One

1. Log in to Trend Cloud One with Full Access to the Identity and Account permissions.
2. Click Administration near the bottom of the page.
3. Click Identity Providers on the left.
4. Click Download Metadata XML for Trend Micro Cloud One, or right-click the link and select an option to save the file.

This XML file will be used in order to configure SAML. You will use a different XML file to upload into Trend Cloud One later.

Configure SAML identity providers

• ADFS setup guide
• Microsoft Entra ID setup guide
• Google setup guide
• Okta setup guide

Configure SAML in Trend Cloud One

1. From the Identity Providers page, click New.
2. In Identity Provider, type a Name. This name should include the identity provider such as Microsoft Entra ID or Okta.
3. In Metadata XML File, click Browse, then navigate to the metadata file that you downloaded from the identity provider (not Trend Cloud One).
4. For the Mapping section (see explanation in About SAML single sign-on) provide a role and attribute as detailed in the identity provider specific guides.
5. Click Save.

In the Mapping section, click + to add more than one Group. You can configure multiple groups to have different access privileges.