Integrating Apex Central with Azure Active Directory (AAD)

    • Updated: 17 Aug 2020
    • Product/Version:
        • Apex Central All.All
        • Apex One as a Service All.All
        • Control Manager 7.0
    • Platform:
        • Windows 2008
        • Windows 2008 Datacenter
        • Windows 2008 Datacenter R2
        • Windows 2008 Enterprise
        • Windows 2008 Enterprise 64-bit
        • Windows 2008 Enterprise R2
        • Windows 2008 R2
        • Windows 2008 Server
        • Windows 2008 Server R2
        • Windows 2008 Standard
        • Windows 2008 Standard 64-bit
        • Windows 2012 Datacenter
        • Windows 2012 Datacenter R2
        • Windows 2012 Enterprise
        • Windows 2012 Server
        • Windows 2012 Server R2
        • Windows 2012 Standard
        • Windows 2012 Standard R2
        • Windows 2016
        • Windows 2016 Datacenter
        • Windows 2016 Server
        • Windows 2016 Standard
        • Windows 2019 Server
        • Windows Server 2012 32-Bit
        • Windows Server 2012 64-Bit
Summary

This article describes how to integrate with Azure AD (AAD) and enable SSO from AAD to TMCM/Apex Central™. It applies to on-premise TMCM, Apex Central™ and Apex One™ as a Service.

Details

To enable SSO from Azure AD (AAD) to Apex Central, complete the following tasks:

  1. Integrate AAD with on-premise AD by using "Azure AD Connect". For reference, visit this Microsoft article: Custom installation of Azure AD Connect.
  2. In the Azure AD panel, go to Enterprise applications.

    Enterprise Application

  3. Create a new application for the Apex Central instance:
    1. Click New Application.

      New Application

    2. Select Non-gallery application, and set a display name for this Apex Central application.

      Non-gallery app

  4. Configure Single sign-on for the Apex Central application:
    1. Go to the Single sign-on page.

      SSO page

    2. Select SAML-based Sign-on as Sign on mode.

      SAML-based Sign-on

    3. Edit Basic SAML Configuration and configure SAML Settings:
      • https://<host-to-your-ApexCentral>/
      • https://<host-to-your-ApexCentral>/WebApp/login.aspx

      Basic SAML Config

    4. Edit User Attributes & Claims to add a custom attribute with the following settings:
      1. Click Add new claim.

        Add new claim

      2. Configure the custom claim settings:
        • Name: windowsaccountname_TM
        • Namespace: http://schemas.microsoft.com/ws/2008/06/identity/claims

        Manage claim

      3. Change Source type to Transformation and configure the following parameters:
        • Transformation: Join()
        • Parameter 1: user.netbiosname
        • Separator: \
        • Parameter 2: user.onpremisessamaccountname

        Manage Transformation

    5. Confirm the settings.

      Confirm Settings

    6. Assign users who can log in to the Apex Central application.
      1. Go to User and group in the application dashboard and click Add user.

        Add User

      2. Click User and groups and select a user or group.

        Select User or Group

      3. After you click Assign, the selected items appear in the dashboard.

        User and groups list

  1. Integrate AD with Apex One as a Service.
    For detailed instructions, visit the Integrate Active Directory (AD) with Apex One as a Service support page and go to step 2 of Synchronize AD information and authenticate AD accounts.
  2. In Apex Central, go to Administration > Account Management > User Accounts.
  3. Click Add.

    Add user

  4. Select Active Directory user or group, specify the User/Group name, and click Next.

    Choose AD User

    The Add New User screen appears.

  5. Select the desired role, configure folder options and access rights, and then click Save.

    Select Role

  6. Go to Administration > Settings > Active Directory and Compliance Settings > Active Directory Settings.
  7. Configure ADFS for Apex Central.
    • Tick Enable Active Directory synchronization and Enable Active Directory authentication.

      AD and Compliance Settings

    • Specify the SSO service URL and Service identifier, and select the Signing certificate.
      Field name on Apex Central Setting page    Azure AD SSO Attribute Name
      SSO service URL                            Login URL
      Server identifier                          Azure AD Identifier
      Server certificate                         Certificate downloaded from AAD enterprise application

      SAML Sign Certificate

Identity Provider (IdP) initiated SSO

  1. Go to https://account.activedirectory.windowsazure.com/.
  2. Click the application to initiate a single sign on to Apex Central.

    Click Apex Central

SP initiated SSO

  1. Enter an AD user in the Apex Central login console. The browser redirects to Azure.

    Enter Credentials

    Azure Login

  2. After authentication, the page will be redirected back to Apex Central.

    Apex Central console
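
A check for the custom claim configured in the steps above, as an added example that is not part of the original article or Trend Micro's code: it parses a base64 SAMLResponse captured from a test sign-in and confirms that the windowsaccountname_TM attribute carries a DOMAIN\account value and that the Issuer matches the Azure AD Identifier. The function names, the sample response and the placeholder tenant ID are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Full claim name = Namespace + "/" + Name from the custom claim in the article.
CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname_TM"
# Join(netbiosname, "\", onpremisessamaccountname) -> DOMAIN\account (NetBIOS name <= 15 chars).
DOWN_LEVEL = re.compile(r"^[^\\]{1,15}\\[^\\]+$")
# Placeholder tenant ID; use the "Azure AD Identifier" shown for your application.
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

def check_response(b64_response, expected_issuer):
    """Return a list of problems in a base64 SAMLResponse (empty list = looks right).
    Inspects content only; it does NOT verify the XML signature, so use it on
    responses captured from your own test sign-in, never as an authentication check.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion (encrypted or malformed response)"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != expected_issuer:
        problems.append(f"Issuer {issuer!r} does not match the configured identifier")
    values = [v.text or ""
              for a in assertion.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == CLAIM
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not values:
        problems.append("windowsaccountname_TM claim is missing")
    for v in values:
        if not DOWN_LEVEL.match(v):
            problems.append(f"claim value {v!r} is not in DOMAIN\\account form")
    return problems

def build_sample(value, issuer=SAMPLE_ISSUER):
    """Constructed, unsigned test response carrying one windowsaccountname_TM value."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>'
           f'<saml:AttributeStatement><saml:Attribute Name="{CLAIM}">'
           f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_response(build_sample("CORP\\jdoe"), SAMPLE_ISSUER))  # well-formed
    print(check_response(build_sample("jdoe"), SAMPLE_ISSUER))        # domain part missing
```

A value without the domain part or a missing attribute points back to the Transformation parameters in the claim settings.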

Category: Configure
Solution Id: 1120631