Reference: Mapping CMP manual setup values with identity provider values
When you choose the manual setup option in the Enter these settings into your IDP step of the identity provider configuration in CMP, some configuration values are provided for you to copy into your identity provider configuration.
AD FS
The following table shows which values to copy from CMP into AD FS. For more information, see Configuring AD FS for Tanium Cloud.
| Identity provider configuration | CMP values |
|---|---|
| Relying party SAML 2.0 SSO service URL | SSO Url |
| Relying party trust identifier | Audience URI/SP Entity ID |
Entra ID
The following table shows which values to copy from CMP into Entra ID. For more information, see Configuring Entra ID for Tanium Cloud.
| Identity provider configuration | CMP values |
|---|---|
| Identifier (Entity ID) | Audience URI/SP Entity ID |
| Reply URL (Assertion Consumer Service URL) | SSO Url |
| Sign on URL | Tanium Console Url |
| Logout Url | Logout Url |
| Required claim > Claim name | Unique User Identifier (Name ID) |
| Required claim > Value | user.userprincipalname |
| Additional claim > Claim name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings. |
| Additional claim > Value | user.email |
Duo Access Gateway
The following table shows which values to copy from CMP into Duo Access Gateway. For more information about configuring Duo Access Gateway, see Duo Access Gateway - Generic SAML Service Providers.
| Identity provider configuration | CMP values |
|---|---|
| Entity ID | Audience URI/SP Entity ID |
| Assertion Consumer Service | SSO Url |
| Single logout URL | Logout Url |
| Service provider login URL | Tanium Console Url |
| NameID attribute | <Email Address> |
| Map attributes > IDP Attribute | <Email Address> |
| Map attributes > SAML Response Attribute |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings. |
Google Cloud Identity
The following table shows which values to copy from CMP into Google Cloud Identity. For more information, see Documentation Home > Tanium Core Platform > Tanium Client Management User Guide.
| Identity provider configuration | CMP values |
|---|---|
| ACS URL | SSO Url |
| Entity IR | Audience URI/SP Entity ID |
| Start URL | Tanium Console Url |
| Attribute Mapping > Application Attribute |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings. |
| Attribute Mapping > Category | Basic Information |
| Attribute Mapping > User Field | Primary Email |
Okta
The following table shows which values to copy from CMP into Okta. For more information, see Documentation Home > Tanium Core Platform > Tanium Client Management User Guide.
| Identity provider configuration | CMP values |
|---|---|
| Single sign on URL | SSO Url |
| Audience URI (SP Entity ID) | Audience URI/SP Entity ID |
| ATTRIBUTE STATEMENTS (OPTIONAL) > Name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings. |
| ATTRIBUTE STATEMENTS (OPTIONAL) > Value | user.email |
Oracle Identity Cloud Service
The following table shows which values to copy from CMP into Oracle Identity Cloud Service. For more information, see Documentation Home > Tanium Core Platform > Tanium Client Management User Guide.
| Identity provider configuration | CMP values |
|---|---|
| Entity ID | Audience URI/SP Entity ID |
| Assertion Consumer URL | SSO Url |
| NameID Format | Email address |
| NameID Value | Pirmary Email |
| Single Logout URL | Logout Url |
| Logout Response URL | Logout Url |
| Attribute Configuration > Name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings. |
| Attribute Configuration > Value | Primary E-mail Address |
Salesforce
The following table shows which values to copy from CMP into Salesforce. For more information, see Documentation Home > Tanium Core Platform > Tanium Client Management User Guide.
| Identity provider configuration | CMP values |
|---|---|
| Start URL | Tanium Console Url |
| Entity Id | Audience URI/SP Entity ID |
| ACS URL | SSO Url |
| Custom Attribute > Attribute key |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings. |
| Custom Attribute > Attribute value | $User.Email |
Last updated: 9/20/2023 1:48 PM | Feedback