Configuring Azure AD for TaaS

To use Azure Active Directory (AD) as an identity provider for TaaS, you must first configure it. For more information about configuring Azure AD, see How to add Azure AD as AWS Cognito Federated Identity Provider.

Create a SAML application and provide the metadata to Tanium

  1. From the Azure Management Portal (https://portal.azure.com), click Azure Active Directory.
  2. In the Create section, click Enterprise Application.
  3. In the Browse Azure AD Gallery (Preview) section, click Create your own application.
  4. In the Create your own application section, enter a name, such as Tanium or TaaS, for the new application, select Integrate any other application you don't find in the gallery, and then click Add.
  5. In the Getting Started section, click Set up single sign on and then click SAML.
    1. In the Basic SAML Configuration section, click Edit, and then enter the following values (Azure AD field: value from your welcome e-mail from Tanium):

      Identifier (Entity ID): Audience URI (SP Entity ID)
      Reply URL (Assertion Consumer Service URL): SSO URL
      Sign on URL: TaaS Console URL
      Logout Url: Sign out URL

    2. Leave the Relay State field blank, and then click Save.
    3. To dismiss the Save single sign-on configuration success prompt, click X, and then click X to close the Basic SAML Configuration section.
    4. When you are prompted to test single sign-on, click No, I'll test later.
  6. In the User Attributes & Claims section, click Edit.
    1. Verify that the value for Unique User Identifier (Name ID) is valid and populated for all users.
    2. Verify that the value for http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress contains the e-mail address for the users that you are adding to TaaS.
    3. If either value is incorrect, correct it, and then click X to close the User Attributes & Claims section.
  7. In the SAML Signing Certificate section, click Download for Federation Metadata XML and then provide the downloaded file to Tanium.
  8. (Optional) From the navigation menu, click Manage > Properties, upload a logo for the application, and then click Save.
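Before handing the Federation Metadata XML from step 7 to Tanium, and when checking the claims from step 6 against an assertion captured during a later test sign-on, it helps to confirm that the file actually carries what the service provider needs: an entityID, a signing certificate, HTTPS single sign-on endpoints, a populated Name ID and the emailaddress claim. The script below is an added example, not Tanium or Microsoft code; the tenant ID, URLs, certificate bytes and assertion are constructed sample data, and it uses only the Python standard library.

```python
"""Sanity-check Azure AD federation metadata and SAML assertion claims.

Added example (not Tanium or Microsoft code). All XML here is constructed
sample data: the tenant ID, URLs and certificate bytes are placeholders.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed stand-in for the Federation Metadata XML downloaded in step 7.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>c2FtcGxlLWNlcnQtYnl0ZXM=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Constructed stand-in for an assertion captured from a test sign-on.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">
  <Subject><NameID>user@example.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <AttributeValue>user@example.com</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>
"""


def check_idp_metadata(xml_text: str) -> dict:
    """Summarise IdP metadata and list anything the SP side would reject."""
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID", "")
    if not entity_id:
        problems.append("missing entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor: this is not identity-provider metadata")
        return {"entity_id": entity_id, "signing_certs": 0, "sso_bindings": [], "problems": problems}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # no 'use' means signing and encryption
            continue
        for cert_el in kd.findall(".//ds:X509Certificate", NS):
            raw = "".join((cert_el.text or "").split())  # metadata may wrap the base64
            if not raw:
                problems.append("empty X509Certificate element")
                continue
            try:
                certs.append(base64.b64decode(raw, validate=True))
            except ValueError:  # binascii.Error is a ValueError
                problems.append("signing certificate is not valid base64")
    if not certs:
        problems.append("no signing certificate: assertion signatures cannot be verified")
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for ep in endpoints:
        if not ep.get("Location", "").startswith("https://"):
            problems.append("SSO endpoint is not HTTPS: " + ep.get("Location", ""))
    bindings = [ep.get("Binding", "") for ep in endpoints]
    return {"entity_id": entity_id, "signing_certs": len(certs),
            "sso_bindings": bindings, "problems": problems}


def check_assertion_claims(xml_text: str) -> dict:
    """Check the two claims step 6 asks you to verify: Name ID and emailaddress."""
    root = ET.fromstring(xml_text)
    problems = []
    assertion = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return {"name_id": "", "email": "", "problems": ["no Assertion element found"]}
    name_id_el = assertion.find("saml:Subject/saml:NameID", NS)
    name_id = (name_id_el.text or "").strip() if name_id_el is not None else ""
    if not name_id:
        problems.append("Unique User Identifier (Name ID) is empty")
    email = ""
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            val = attr.find("saml:AttributeValue", NS)
            email = (val.text or "").strip() if val is not None else ""
    if "@" not in email:
        problems.append("emailaddress claim is missing or not an e-mail address")
    return {"name_id": name_id, "email": email, "problems": problems}


if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_IDP_METADATA))
    print(check_assertion_claims(SAMPLE_ASSERTION))
```

To use it on the real artifacts, read the downloaded metadata file (or a captured assertion) into a string and pass it to the matching function; a non-empty `problems` list means the application is not ready to hand over to Tanium or that the claims in step 6 still need correcting.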

Assign the enterprise application to users

From the navigation menu, click Manage > Users and groups, and then click Add user to assign the enterprise application to any users that you want to have access to TaaS.

You must give access to the user that is listed as the Primary TaaS Admin Username in your welcome e-mail from Tanium. This user is the only user that is created in TaaS during the provisioning process. Additional users can be created in TaaS by this user or other delegated users.