Configuring Google Cloud Identity for Tanium Cloud

Google Cloud Identity is the default identity provider for G Suite and Google Cloud Platform. To use Google Cloud Identity as an identity provider for Tanium Cloud, you must first configure it.

The IDP Documentation links in the CMP are pre-populated with the values that you must enter in your identity provider settings. The screenshots are provided for example purposes only.

Create a SAML application and provide the metadata to Tanium

  1. From the Google Admin Console (https://admin.google.com/), click Apps.
  2. Click SAML Apps and then click + to add a new app.
  3. In the Basic Information for your Custom App step, enter a name, such as Tanium or Tanium Cloud, for the new application, optionally upload a logo, and then click Next.
  4. In the Enable SSO for SAML Application step, click SETUP MY OWN CUSTOM APP.
    1. In the Google IdP Information step, click DOWNLOAD in the Option 2 section, provide the downloaded file to Tanium, and then click Next.

      You can upload the metadata file in the Identity Provider Metadata step of the CMP identity provider configuration. For more information, see Configure your identity provider.

    2. In the Service Provider Details step, enter the following values from the CMP and then click Next.

      ACS URL: SSO Url
      Entity ID: Audience URI/SP Entity ID
      Start URL: Tanium Console Url

    3. In the Attribute Mapping step, enter the following values and then click Finish.

      Enter the application attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Select category: Basic Information
      Select user field: Primary Email

Assign the enterprise application to users

  1. In the User access section of Service Status, click the expander icon to assign the enterprise application to any users that you want to have access to Tanium Cloud.
  2. Configure an appropriate user access policy for Tanium for your organization.

    You must give access to the user that is listed as the Primary Tanium Cloud Admin Username in the CMP. This user is the only user that is created in Tanium Cloud during the provisioning process. Additional users can be created in Tanium Cloud by this user or other delegated users.