Configuring Oracle Identity Cloud Service for TaaS

To use Oracle Identity Cloud Service as an identity provider for TaaS, you must first configure it.

Create a SAML application and provide the metadata to Tanium

  1. From the Oracle Identity Cloud Service Admin Console Dashboard, click Applications and then click + Add.
  2. In the Add Application section, click SAML Application.
  3. Configure the Details step.
    1. In the App Details section, enter a name, such as Tanium or TaaS, for the new application, and upload an optional application icon.
    2. In the Display Settings section, verify that Display in My Apps is deselected, and then click Next.

      Amazon Cognito, which is used for identity federation with TaaS, does not support IdP-initiated SSO. To sign in to TaaS, you must first access your TaaS Console URL from your welcome e-mail from Tanium.

  4. Configure the SSO Configuration step.
    1. In the General section, enter the following values from your welcome e-mail from Tanium.

      Entity ID: Audience URI (SP Entity ID)
      Assertion Consumer URL: SSO URL
      NameID Format: Email address
      NameID Value: Primary Email

    2. In the Advanced Settings section, select Enable Single Logout, and then configure the following settings.

      Logout binding: Redirect
      Single Logout URL: Sign out URL
      Logout Response URL: Sign out URL

    3. In the Attribute Configuration section, click + to add the following attribute.

      Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Value: Primary E-mail Address

    4. Click Download Identity Provider Metadata and then provide the downloaded file to Tanium.
    5. Click Finish.

Assign the enterprise application to users

From the application view, click Activate to assign the enterprise application to any users that you want to have access to TaaS.

You must give access to the user that is listed as the Primary TaaS Admin Username in your welcome e-mail from Tanium. This user is the only user that is created in TaaS during the provisioning process. Additional users can be created in TaaS by this user or other delegated users.