Reference: Mapping CMP manual setup values with identity provider values

When you choose the manual setup option in the Enter these settings into your IDP step of the identity provider configuration in the CMP, some configuration values are provided for you to copy into your identity provider configuration.

AD FS

The following table shows which values to copy from the CMP into AD FS. For more information, see Configuring AD FS for Tanium Cloud.

Identity provider configuration CMP values
Relying party SAML 2.0 SSO service URL SSO Url
Relying party trust identifier Audience URI/SP Entity ID

Azure AD

The following table shows which values to copy from the CMP into Azure AD. For more information, see Configuring Azure AD for Tanium Cloud.

Identity provider configuration CMP values
Identifier (Entity ID) Audience URI/SP Entity ID
Reply URL (Assertion Consumer Service URL) SSO Url
Sign on URL Tanium Console Url
Logout Url Logout Url
Required claim > Claim name Unique User Identifier (Name ID)
Required claim > Value user.userprincipalname
Additional claim > Claim name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings.

Additional claim > Value user.email

Duo Access Gateway

The following table shows which values to copy from the CMP into Duo Access Gateway. For more information about configuring Duo Access Gateway, see Duo Access Gateway - Generic SAML Service Providers.

Identity provider configuration CMP values
Entity ID Audience URI/SP Entity ID
Assertion Consumer Service SSO Url
Single logout URL Logout Url
Service provider login URL Tanium Console Url
NameID attribute <Email Address>
Map attributes > IDP Attribute

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings.

Map attributes > SAML Response Attribute <Email Address>

Google Cloud Identity

The following table shows which values to copy from the CMP into Google Cloud Identity. For more information, see Configuring Google Cloud Identity for Tanium Cloud.

Identity provider configuration CMP values
ACS URL SSO Url
Entity IR Audience URI/SP Entity ID
Start URL Tanium Console Url
Attribute Mapping > Application Attribute

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings.

Attribute Mapping > Category Basic Information
Attribute Mapping > User Field Primary Email

Okta

The following table shows which values to copy from the CMP into Okta. For more information, see Configuring Okta for Tanium Cloud.

Identity provider configuration CMP values
Single sign on URL SSO Url
Audience URI (SP Entity ID) Audience URI/SP Entity ID
ATTRIBUTE STATEMENTS (OPTIONAL) > Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings.

ATTRIBUTE STATEMENTS (OPTIONAL) > Value user.email

Oracle Identity Cloud Service

The following table shows which values to copy from the CMP into Oracle Identity Cloud Service. For more information, see Configuring Oracle Identity Cloud Service for Tanium Cloud.

Identity provider configuration CMP values
Entity ID Audience URI/SP Entity ID
Assertion Consumer URL SSO Url
NameID Format Email address
NameID Value Pirmary Email
Single Logout URL Logout Url
Logout Response URL Logout Url
Attribute Configuration > Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings.

Attribute Configuration > Value Primary E-mail Address

Salesforce

The following table shows which values to copy from the CMP into Salesforce. For more information, see Configuring Salesforce for Tanium Cloud.

Identity provider configuration CMP values
Start URL Tanium Console Url
Entity Id Audience URI/SP Entity ID
ACS URL SSO Url
Custom Attribute > Attribute key

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You can edit this value, but the value must match in both the Identity Provider Attribute Setup step of the CMP and your identity provider settings.

Custom Attribute > Attribute value $User.Email