Configuring Google Cloud Identity for TaaS

Google Cloud Identity is the default identity provider for G Suite and Google Cloud Platform. To use Google Cloud Identity as an identity provider for TaaS, you must first configure it.

Create a SAML application and provide the metadata to Tanium

  1. From the Google Admin Console (https://admin.google.com/), click Apps.
  2. Click SAML Apps and then click + to add a new app.
  3. In the Basic Information for your Custom App step, enter a name, such as Tanium or TaaS, for the new application, optionally upload a logo, and then click Next.
  4. In the Enable SSO for SAML Application step, click SETUP MY OWN CUSTOM APP.
    1. In the Google IdP Information step, click DOWNLOAD in the Option 2 section, provide the downloaded file to Tanium, and then click Next.

      You can upload the metadata file in the Identity Provider Metadata step of the Cloud Management Portal identity provider configuration. For more information, see Configure your identity provider.

    2. In the Service Provider Details step, enter the following values from the Cloud Management Portal and then click Next.

      ACS URL: the SSO URL shown in the Cloud Management Portal
      Entity ID: the Audience URI (SP Entity ID) shown in the Cloud Management Portal
      Start URL: the TaaS Console URL

    3. In the Attribute Mapping step, enter the following values and then click Finish.

      Enter the application attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Select category: Basic Information
      Select user field: Primary Email
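The following Python script is an added example and is not part of the Tanium or Google documentation. It shows what an administrator can verify offline before handing the downloaded metadata file to Tanium: that the file carries an https entityID, an HTTP-Redirect or HTTP-POST SingleSignOnService endpoint, and a signing certificate, and that an assertion from the IdP carries the email claim under the exact attribute name entered in the Attribute Mapping step. The metadata and assertion documents are constructed samples shaped like Google's output; the idpid, certificate body and assertion ID are placeholders, and only the standard library is used.

```python
"""Sanity-check a Google Cloud Identity SAML IdP metadata file and confirm
that an assertion carries the email claim configured in Attribute Mapping.
Added example (not Tanium's or Google's code); standard library only."""
from typing import Optional
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# The application attribute name from the Attribute Mapping step.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_idp_metadata(xml_text: str) -> dict:
    """Return the fields Tanium needs from the IdP metadata plus a list of
    problems an admin should fix in the Google Admin Console before uploading:
    missing or non-https entityID, no usable SSO endpoint, a non-https SSO
    endpoint, or no signing certificate."""
    # The file comes from your own admin console; for XML from untrusted
    # parties, parse with defusedxml instead of the stdlib parser.
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        problems.append("entityID missing or not an https URL")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor element")
        return {"entity_id": entity_id, "sso": {}, "signing_certs": 0, "problems": problems}
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        sso[svc.get("Binding", "")] = svc.get("Location", "")
    if not (sso.get(REDIRECT) or sso.get(POST)):
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    for binding, location in sso.items():
        if not location.startswith("https://"):
            problems.append(f"SSO endpoint for {binding} is not https")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            if (cert.text or "").strip():
                certs.append(cert.text.strip())
    if not certs:
        problems.append("no signing certificate in metadata")
    return {"entity_id": entity_id, "sso": sso, "signing_certs": len(certs), "problems": problems}


def email_claim(assertion_xml: str) -> Optional[str]:
    """Return the value the service provider reads as the user's email, or
    None when the assertion lacks the exact claim name from Attribute Mapping.
    The match is exact: a mapping named 'email' or 'emailAddress' does not count."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iter(f"{{{NS['saml']}}}Attribute"):
        if attr.get("Name") == EMAIL_CLAIM:
            value = attr.find("saml:AttributeValue", NS)
            return (value.text or "").strip() if value is not None else None
    return None


# Constructed sample shaped like the file the DOWNLOAD button in the Google
# IdP Information step produces; idpid and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://accounts.google.com/o/saml2?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=PLACEHOLDER"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accounts.google.com/o/saml2/idp?idpid=PLACEHOLDER"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion fragment with the Primary Email mapped to the claim.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_PLACEHOLDER" Version="2.0">
  <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>admin@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# The same assertion as it would look if the mapping step used the short name
# 'email' instead of the full claim URI: the service provider finds nothing.
MISNAMED_ASSERTION = SAMPLE_ASSERTION.replace(EMAIL_CLAIM, "email")

if __name__ == "__main__":
    report = check_idp_metadata(SAMPLE_METADATA)
    print("entityID:", report["entity_id"])
    print("problems:", report["problems"] or "none")
    print("email claim:", email_claim(SAMPLE_ASSERTION))
    print("misnamed mapping:", email_claim(MISNAMED_ASSERTION))
```

Run it against the real downloaded file by reading that file into `check_idp_metadata`; an empty `problems` list means the metadata has everything the Identity Provider Metadata step needs, and a `None` from `email_claim` on a captured assertion points at the attribute name in the Attribute Mapping step rather than at the Tanium side.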

Assign the enterprise application to users

  1. In the User access section of Service Status, click the expander icon to assign the enterprise application to any users that you want to have access to TaaS.
  2. Configure an appropriate user access policy for Tanium for your organization.

    You must give access to the user that is listed as the Primary TaaS Admin Username in the Cloud Management Portal. This user is the only user that is created in TaaS during the provisioning process. Additional users can be created in TaaS by this user or other delegated users.