Configuring Google Cloud Identity for TaaS
Google Cloud Identity is the default identity provider for G Suite and Google Cloud Platform. To use Google Cloud Identity as an identity provider for TaaS, you must first configure it.
- From the Google Admin Console (https://admin.google.com/), click Apps.
- Click SAML Apps and then click + to add a new app.
- In the Basic Information for your Custom App step, enter a name, such as Tanium or TaaS, for the new application, optionally upload a logo, and then click Next.
- In the Enable SSO for SAML Application step, click SETUP MY OWN CUSTOM APP.
- In the Google IdP Information step, click DOWNLOAD in the Option 2 section, provide the downloaded file to Tanium, and then click Next.
- In the Service Provider Details step, enter the following values from your welcome e-mail from Tanium and then click Next.
ACS URL: SSO URL
Entity IR: Audience URI (SP Entity ID)
Start URL: TaaS Console URL
- In the Attribute Mapping step, enter the following values and then click Finish.
Enter the application attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Select category: Basic Information
Select user field: Primary Email
- In the User access section of Service Status, click the expander icon to assign the enterprise application to any users that you want to have access to TaaS.
- Configure an appropriate user access policy for Tanium for your organization.
You must give access to the user that is listed as the Primary TaaS Admin Username in your welcome e-mail from Tanium. This user is the only user that is created in TaaS during the provisioning process. Additional users can be created in TaaS by this user or other delegated users.
Last updated: 3/25/2021 2:16 PM | Feedback