Configuring Salesforce for TaaS

To use Salesforce as an identity provider for TaaS, you must first configure it.

Create a SAML application and provide the metadata to Tanium

  1. Sign in to Salesforce and click Setup.
  2. In the Quick Find text box, enter Identity Provider.
  3. In the Identity Provider Setup section, click Download Metadata and then provide the downloaded file to Tanium.
  4. In the Service Providers section, click Service Providers are now created via Connected Apps. Click here.
  5. In the Basic Information section, enter the required fields.
  6. In the Web App Settings section, select Enable SAML, enter the following values from your welcome e-mail from Tanium, and then click Save.

    Start URL: Console URL
    Entity Id: Audience URI (SP Entity ID)
    Subject Type: select Username
    Name ID Format: select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    IdP Certificate: select the certificate that corresponds to the previously downloaded metadata file

  7. In the Custom Attributes section, click New, enter the following values and then click Save.

    Attribute key:
    Attribute value: $User.Email

Assign the enterprise application to users

  1. From the navigation menu, click Manage > Edit Policies.
  2. In the Profiles section, click Manage Profiles.
  3. Select the user profiles to assign the enterprise application to any users that you want to have access to TaaS.

    You must give access to the user that is listed as the Primary TaaS Admin Username in your welcome e-mail from Tanium. This user is the only user that is created in TaaS during the provisioning process. Additional users can be created in TaaS by this user or other delegated users.