Configuring identity providers in the Cloud Management Portal

You can use the TaaS Cloud Management Portal to help you configure your identity provider, manage your existing provider configurations, and view your Tanium instance and entitlement details.

Sign in to the Cloud Management Portal

You can view your existing identity provider configurations or configure new identity providers in the Cloud Management Portal. The link to access the portal with temporary credentials is provided to you.

Your temporary credentials are set to expire in seven days. Contact Tanium Support if your temporary credentials are no longer valid.

  1. Click Get Started to sign in to the portal with your temporary credentials.
  2. After you sign in for the first time, create a new password and click Next.
  3. Set up multi-factor authentication.
    1. Open any authentication app and scan the QR code.
    2. Enter the generated code and click Verify.

Configure your identity provider

  1. From the Cloud Management Home page, click Get Started.
  2. In the Enter these settings into your IDP step, select either Auto Setup or Manual Setup.
    • If you chose the automatic setup, click Download Service Provider Metadata XML file to download the XML file and upload it to your identity provider.
    • If you chose the manual setup, copy the values for SSO Url, Audience URI/Entity ID, Tanium Console Url, and Logout Url, and paste them into your identity provider configuration.

    If your identity provider does not support uploading the metadata XML file, you must select Manual Setup.

  3. In the Identity Provider Attribute Setup step, verify that your identity provider has a claim configured with the listed claim name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and a value of user.mail.
  4. In the Identity Provider Metadata step, test the connection to your identity provider by either providing the metadata URL from your identity provider or uploading the downloaded XML file from your identity provider.
  5. In the Specify Login Domain(s) step, add any domains that you want to allow access.
    1. Enter a domain and click Add domain.
    2. Select whether you want to automatically provision users from that domain by clicking Yes or No.

      If you want to automatically provision users, you must also set the default user group in the Tanium Console. For more information, see Tanium Console User Guide: Set the default user group.

  6. In the You are now ready to test your IDP step, click Apply Changes.

    Click Test Login to make sure that TaaS can successfully connect to your identity provider.
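
If Test Login fails, one thing to check is whether the assertion your identity provider sends carries the claim from step 3 for a domain added in step 5. The following Python script is an added example, not part of the Tanium documentation or product: it runs that check on a decoded SAML assertion. The sample assertion is constructed, and matching a login domain exactly against the part of the address after @ is an assumption.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Claim name taken from the Identity Provider Attribute Setup step.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample: a decoded, unsigned assertion as a test login might carry it.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{ASSERTION_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(assertion_xml, login_domains):
    """Return a list of configuration problems; an empty list means none found.

    Configuration pre-flight only: it does not verify the assertion signature.
    """
    # Refuse DTDs so entity-expansion payloads are never parsed.
    if "<!DOCTYPE" in assertion_xml.upper():
        return ["DOCTYPE is not allowed in a SAML assertion"]
    root = ET.fromstring(assertion_xml)
    # Assumption: a login domain matches the text after '@' exactly, ignoring case.
    allowed = {d.strip().lower() for d in login_domains}
    values = [
        (value.text or "").strip()
        for attr in root.iter(f"{{{ASSERTION_NS}}}Attribute")
        if attr.get("Name") == EMAIL_CLAIM
        for value in attr.findall(f"{{{ASSERTION_NS}}}AttributeValue")
    ]
    if not values:
        return [f"missing claim {EMAIL_CLAIM}"]
    problems = []
    for value in values:
        local, sep, domain = value.rpartition("@")
        if not (local and sep and domain):
            problems.append(f"claim value {value!r} is not an email address")
        elif domain.lower() not in allowed:
            problems.append(f"domain {domain.lower()!r} is not a configured login domain")
    return problems


if __name__ == "__main__":
    for problem in check_assertion(SAMPLE_ASSERTION, ["example.com"]) or ["no problems found"]:
        print(problem)
```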

Edit an existing identity provider configuration

  1. From the Cloud Management Portal menu, click Administration.
  2. In the Identity Provider Settings section, click Edit next to the configuration that you want to update.
  3. Make any updates, click Apply Changes, and then click Test Login.

Delete an existing identity provider configuration

To delete an existing configuration, click Delete next to the configuration.

The Cloud Management Portal does not delete the Tanium configuration from your third-party identity provider, but that identity provider can no longer be used with Tanium after you delete it in the Cloud Management Portal. To use that identity provider again, configure it in the Cloud Management Portal again (see Configure your identity provider).