Configuring Salesforce for Tanium Cloud
To use Salesforce as an identity provider for Tanium Cloud, you must first configure it.
The IDP Documentation links in the CMP are pre-populated with the values that you must enter in your identity provider settings.
- Sign in to Salesforce and click Setup.
- In the Quick Find text box, enter Identity Provider.
- In the Identity Provider Setup section, click Download Metadata and then provide the downloaded file to Tanium.
You can upload the metadata file in the Identity Provider Metadata step of the Cloud Management Portal identity provider configuration. For more information, see Configure your identity provider.
- In the Service Providers section, click Service Providers are now created via Connected Apps. Click here.
- In the Basic Information section, enter the required fields.
- In the Web App Settings section, select Enable SAML, enter the following values from the Cloud Management Portal, and then click Save.
Start URL: Tanium Console Url
Entity Id: Audience URI/SP Entity ID
ACS URL: SSO Url
Subject Type: select Username
Name ID Format: select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
IdP Certificate: select the certificate that corresponds to the previously downloaded metadata file
- In the Custom Attributes section, click New, enter the following values and then click Save.
Attribute key: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Attribute value: $User.Email
- From the navigation menu, click Manage > Edit Policies.
- In the Profiles section, click Manage Profiles.
- Select the user profiles to assign the enterprise application to any users that you want to have access to Tanium Cloud.
You must give access to the user that is listed as the Primary Tanium Cloud Admin Username in the Cloud Management Portal. This user is the only user that is created in Tanium Cloud during the provisioning process. Additional users can be created in Tanium Cloud by this user or other delegated users.
Last updated: 5/12/2022 6:14 PM | Feedback