Configuring Oracle Identity Cloud Service for Tanium Cloud

To use Oracle Identity Cloud Service as an identity provider for Tanium Cloud, you must first configure it.

The IDP Documentation links in the CMP are pre-populated with the values that you must enter in your identity provider settings. The screenshots are provided for example purposes only.

Create a SAML application and provide the metadata to Tanium

  1. From the Oracle Identity Cloud Service Admin Console Dashboard, click Applications and then click + Add.
  2. In the Add Application section, click SAML Application.
  3. Configure the Details step.
    1. In the App Details section, enter a name, such as Tanium or Tanium Cloud, for the new application, and upload an optional application icon.

    2. In the Display Settings section, verify that Display in My Apps is cleared, and then click Next.

      Amazon Cognito, which is used for identity federation with Tanium Cloud, does not support IDP-initiated SSO. To sign in to Tanium Cloud, you must first access your Tanium Cloud Console URL from the CMP.

  4. Configure the SSO Configuration step.
    1. In the General section, enter the following values from the CMP.

      Entity ID: Audience URI/SP Entity ID
      Assertion Consumer URL: SSO Url
      NameID Format: Email address
      NameID Value: Primary Email

    2. In the Advanced Settings section, select Enable Single Logout, and then configure the following settings.

      Logout binding: Redirect
      Single Logout URL: Logout Url
      Logout Response URL: Logout Url

    3. In the Attribute Configuration section, click + to add the following attribute.

      Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Value: Primary E-mail Address

    4. Click Download Identity Provider Metadata and then provide the downloaded file to Tanium.

      You can upload the metadata file in the Identity Provider Metadata step of the CMP identity provider configuration. For more information, see Configure your identity provider.

    5. Click Finish.

Assign the enterprise application to users

From the application view, click Activate to assign the enterprise application to any users that you want to have access to Tanium Cloud.

You must give access to the user that is listed as the Primary Tanium Cloud Admin Username in the CMP. This user is the only user that is created in Tanium Cloud during the provisioning process. Additional users can be created in Tanium Cloud by this user or other delegated users.