Configuring Okta for TaaS
To use Okta as an identity provider for TaaS, you must first configure it. For more information about configuring Okta, see How do I set up Okta as a SAML identity provider in an Amazon Cognito user pool?
- Open the Okta Developer Console.
- From the Developer Console drop-down menu, click Classic UI to open the Admin Console.
You must use the Classic UI to create a SAML application.
- From the Main menu, click Applications, and then click Create New App.
- Confirm that the following fields are set correctly, and then click Create.
Sign on method: SAML 2.0
- Configure general settings.
- Enter a name, such as Tanium or TaaS.
- (Optional) Upload a logo.
- Verify that Do not display application icon to users and Do not display application icon in the Okta Mobile app are selected and then click Next.
- In the GENERAL section, enter the following values from your welcome e-mail from Tanium.
- In the ATTRIBUTE STATEMENTS (OPTIONAL) section, enter the following values, and then click Next.
- In the Feedback section, select I'm an Okta customer adding an internal app, provide any additional responses, and click Finish.
- In the SIGN ON METHODS section of the Sign On tab of the application, click Identity Provider metadata, and then provide the downloaded file to Tanium.
You can also right-click Identity Provider metadata and Copy Link Address to provide the URL to Tanium instead of downloading the XML file.
From the Assignments tab of the application, click Assign to assign the application to any users that you want to have access to TaaS.
You must give access to the user that is listed as the Primary TaaS Admin Username in your welcome e-mail from Tanium. This user is the only user that is created in TaaS during the provisioning process. Additional users can be created in TaaS by this user or other delegated users.
TaaS uses Amazon Cognito user pools, which does not currently support identity provider (IdP) initiated sign-on. To work around this limitation, you can create a Bookmark App. For more information, see Simulating an IdP-initiated Flow with the Bookmark App.
- From the Okta Admin Console, go to Shortcuts > Add Applications.
- Search for bookmark and then select Bookmark App in INTEGRATIONS.
- In the Bookmark App section, click Add.
- In the General Settings • Required section, enter the following values, and then click Done.
- (Optional) Edit the template logo to provide a more appropriate logo. This application is visible to users.
- Click the Assignments tab to assign the bookmark app to any users that you want to have access to the bookmark app.
You must give access to the user that is listed as the Primary TaaS Admin Username in your welcome e-mail from Tanium.
Use groups to assign access to TaaS and assign both the SAML integration application and the Bookmark App to that group to ensure that all users receive both applications.
Last updated: 2/22/2021 9:19 AM | Feedback