Using Cloud Management Portal
Use Cloud Management Portal (CMP) to manage identity provider configurations and local users, monitor activity, and subscribe to email notifications.
Sign in to CMP
Use the following URL to access CMP:
portal.<customerURL>.cloud.tanium.com
Sign in as the primary administrator or a local user
The primary administrator account is a local user account based on your primary administrator email address. You can use this account to configure all CMP settings and to manage other local users, which are typically used during evaluation of Tanium Cloud. For more information about local users, see Manage local users for evaluation or demonstration.
- To change your designated primary administrator email address, contact Tanium Support.
- If you are signing in for the first time, CMP prompts you to create a password and configure multi-factor authentication. For more information, see Sign in to CMP for the first time.
- For a new instance or a new local user, temporary credentials are set to expire in seven days. Reset your CMP administrator or local user password if your temporary credentials are no longer valid.
- Local user accounts, including the primary administrator account, lock after 90 days of inactivity. If you have not signed in as the primary administrator for more than 90 days or a message appears during sign-in that indicates that your account is locked, contact Tanium Support to unlock your account. In the case of a locked local user other than the primary administrator, the primary administrator can re-create the account. See Manage local users for evaluation or demonstration.
- Click Sign in with a local user, and then sign in with your local user name and password.
Make sure you use the @tanium.local domain in your user name, unless you are signing in as the primary administrator and your Tanium Cloud instance does not have local users enabled. For more information, see Troubleshoot issues authenticating to Cloud Management Portal.
- Complete the multi-factor authentication (MFA) step.
Sign in as a single sign-on (SSO) user
To sign in as an SSO user provided by an identity provider (typical in a production environment), enter your SSO user name, which is usually your organization email address. Click Next, and complete the SSO sign-in process.
If the local user sign-in screen is showing, click Sign in with SSO to return to the SSO sign-in screen.
View administration information
To view administration information, go to Administration from the CMP menu. You can view Tanium instance details (including the console URL and client edge URLs), entitlement details, and identity provider settings in the Tanium Cloud Management Portal (CMP). You can delete or edit an existing setting, or add a new configuration. Warnings or errors are also displayed in the Administration page.
View module installation activity
You can access the Activity Timeline, which shows a historical view of all the modules that were installed or upgraded in your Tanium Cloud instance. If you encounter an issue with a module, you can see if the issue is related to a recent upgrade. You can also see what modules are scheduled for installation.
- From the CMP menu, go to Environment > Environment Status to view the module installation activity.
- To view documentation for a specific module, click View Details.
View event history
You can access the Event History page, which shows CMP user activity.
Only an administrator or a local user with the role Audit History Read-Only User can view all users' actions in the event history. Any other user can see only that user's own actions.
- From the CMP menu, go to Environment > Event History to view the Event History page.
- Use the filter controls to limit which events appear. Filter options are cumulative. Filter options include:
- Event: Select a type of event to limit the entries that appear.
- Resource: Enter a value to show events whose Resource contains the text.
- User: Enter a value to show events whose User contains the text.
- From / To: Select a starting and ending date to show only events that occurred on and between the dates.
- Expand any entry to view additional details for the event.
- (Optional) To download the event history as a CSV file, click Export.
Manage local users for evaluation or demonstration
Local user accounts provide access to CMP and optionally to Tanium Console without using an identity provider, which provides simple account management for evaluation or demonstration purposes. One primary administrator local user account with the role Root Administrator is provided by default, based on your primary administrator email address.
To change your designated primary administrator email address, contact Tanium Support.
All local users have a user name with a @tanium.local domain, though you provide an email address separately from the user name for each local user. You can create up to four local user accounts in addition to the initial Root Administrator account.
Only the primary administrator can manage other local users.
Use local users only for evaluation or demonstration purposes. In a production environment, do not create additional local users or enable local user access to Tanium Console; configure your identity provider to manage Tanium users and CMP administrative users. After an evaluation or demonstration is complete, disable local user access to Tanium Console, and remove local users other than the primary administrator.
Local user accounts lock after 90 days of inactivity. If an account is locked, you must re-create it to re-enable it. If the primary administrator account is locked, you must contact Tanium Support to re-enable it.
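The following added example (not Tanium code) reviews an exported event history CSV against the local user rules above: it flags local accounts at or near the 90-day inactivity lock and any local account other than the primary administrator that should be removed after an evaluation. The column names, the timestamp format, the sample rows, and the choice to count any event as activity are assumptions, not the documented export layout.

```python
import csv
import io
from datetime import datetime

LOCAL_DOMAIN = "@tanium.local"  # local user name domain stated on the page
LOCK_AFTER_DAYS = 90            # inactivity lock stated on the page

# Constructed sample export. Column names and timestamp format are assumptions.
SAMPLE_EXPORT = """Timestamp,Event,Resource,User
2023-05-02T08:15:00Z,Sign In,portal,root.admin@tanium.local
2023-06-20T10:00:00Z,Sign In,portal,eval.one@tanium.local
2023-08-30T14:30:00Z,Update Setting,identity-provider,root.admin@tanium.local
2023-09-01T09:00:00Z,Sign In,portal,jane.doe@example.com
2023-09-10T11:45:00Z,Sign In,portal,eval.two@tanium.local
"""


def review_local_users(csv_text, now, primary_admin, warn_days=14):
    """Return sorted (user, finding, idle_days) tuples for local accounts."""
    primary_admin = primary_admin.lower()
    last_seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["User"].strip().lower()
        if not (user.endswith(LOCAL_DOMAIN) or user == primary_admin):
            continue  # SSO accounts are governed by the identity provider
        seen = datetime.strptime(row["Timestamp"].strip(), "%Y-%m-%dT%H:%M:%SZ")
        if user not in last_seen or seen > last_seen[user]:
            last_seen[user] = seen  # keep the newest event per user

    findings = []
    for user, seen in sorted(last_seen.items()):
        idle = (now - seen).days
        if idle >= LOCK_AFTER_DAYS:
            findings.append((user, "likely-locked", idle))
        elif idle >= LOCK_AFTER_DAYS - warn_days:
            findings.append((user, "nearing-lock", idle))
        if user != primary_admin:
            # Page guidance: remove extra local users after evaluation.
            findings.append((user, "remove-after-evaluation", idle))
    return findings


if __name__ == "__main__":
    for finding in review_local_users(
        SAMPLE_EXPORT, datetime(2023, 9, 20), "root.admin@tanium.local"
    ):
        print(finding)
```

Accounts with no events inside the exported date range do not appear at all, so set the From / To filter to cover at least the last 90 days before exporting.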
Create a local user
- Sign in to CMP as the primary administrator.
- From the CMP menu, go to Administration.
- In the Local Users section, click Create.
- Enter the Email Address of the user.
The user name for the user is the local part of the email address with the @tanium.local domain added. For example, if you enter [email protected], the user name becomes [email protected].
- Select the appropriate role for the user:
- Administrator: The user can view and change settings in CMP. For a full list of permissions, see Tanium Cloud Management Portal user roles.
This role cannot manage local users. Only the primary administrator can manage other local users.
- Audit History Read-Only User: The user can view settings in CMP and view all users' actions in the event history.
- Read-Only User: The user can view settings in CMP but can view only the user's own actions in the event history.
- Click Confirm to save the new user.
By default, local users are enabled only in CMP. To enable these users to access Tanium Console, see Provide local users access to Tanium Console.
Edit or delete a local user
You can edit or delete existing local users from the Local Users section of the CMP Administration page.
Click Edit beside a user to edit that user. You can change only the role of the user.
Click Delete beside a user to delete that user.
You cannot edit or delete the local user account for the primary administrator. To change your designated primary administrator email address, contact Tanium Support.
Provide local users access to Tanium Console
You can enable local users to access Tanium Console to quickly provide Tanium users for evaluation or demonstration purposes.
Use local users only for evaluation or demonstration purposes. In a production environment, do not enable local user access to Tanium Console; configure your identity provider to manage Tanium users. After an evaluation or demonstration is complete, disable local user access to Tanium Console.
Before you begin
You must have a default user group configured in Tanium Console to provision local users other than the primary administrator. The primary administrator receives administrative permissions with unrestricted management rights to all computer groups. Other local users are added to the default user group and receive the permissions assigned to the users in that group. For the steps to configure a default user group, see Tanium Console User Guide: Set the default user group.
Enable local user access to Tanium Console
The following steps provision Tanium Console access for all CMP local users.
- From the CMP menu, go to Administration.
- In the Local Users section, click Disabled to toggle Tanium Console Authentication to Enabled.
- In the dialog that appears, review the terms presented. If you agree, click Agree and then Enable.
CMP configures local user access to Tanium Console and enables the Launch Console button in CMP.
- To test your access to Tanium Console, click Launch Console in the Main menu.
After the evaluation or demonstration is complete, disable local user access to Tanium Console.
Disable local user access to Tanium Console
- From the CMP menu, go to Administration.
- In the Local Users section, click Enabled to toggle Tanium Console Authentication to Disabled.
Subscribe to email notifications
You can sign up for email notifications that notify you when the following events occur:
- A module license is about to expire
- A module installation is scheduled
- A module installation completes
- A SCIM token is about to expire
- Identity provider metadata file is about to expire
To sign up for email notifications:
- From the CMP menu, go to Environment > Environment Status.
- Click Subscribe (or Subscribed) and then follow the prompts to sign up for email notifications.
By default, the primary administrative email account is automatically signed up for email notifications.
Reset your CMP administrator or local user password
You can reset the password for the CMP primary administrator or a CMP local user if the password expires, you forgot the password, or you want to change the password for any other reason.
You cannot reset a password in CMP for a single sign-on (SSO) account provided by an identity provider. The process to change or reset your SSO password is determined by your identity provider.
By default, passwords for the primary administrator and local users expire every 60 days.
- From the CMP access link, click Sign in with a local user and then click Reset Password.
- Enter your email address and click Reset Password.
- Check your email for the verification code, enter it, and click Confirm.
- Check your email again for the one-time temporary password and sign in with it.
- Create a new password and click Next.
After you change your password, CMP signs you out of all sessions within five minutes. Use your new password to sign in.
If you enter the verification code or temporary password incorrectly five times within the last 24 hours, your account is locked. Reset your CMP administrator or local user password again to restart the process. Additionally, you cannot request to reset your password more than five times within the last 24 hours. In this case, you must wait to Reset your CMP administrator or local user password again.
Change primary administrator account
To change your designated primary administrator email address, contact Tanium Support.
For more troubleshooting information, see Tanium Console User Guide: Troubleshooting.
Last updated: 9/20/2023 1:48 PM