Getting started with TaaS
Production TaaS instances require that you have a SAML 2.0 compliant identity provider with 2FA enabled. The identity provider must be authoritative for its user email domain. Work with your TaaS contact to configure this integration. The required information for configuring this integration, which will be provided at build time, includes:
- Console URL: https://<cename>.cloud.tanium.com
- Single Sign on URL Format: https://<cename>-tanium.auth.us-west-2.amazoncognito.com/saml2/idpresponse
- Sign out URL: https://<cename>-tanium.auth.us-west-2.amazoncognito.com/saml2/logout
- Signing Certificate: The public signing certificate. Might be required for some sign out flows.
- Audience URI (SP Entity ID): amazon:cognito:sp:yourUserPoolId
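A pre-flight check for the values listed above, as an added example that is not part of the Tanium documentation: it compares what was typed into the identity provider against the URL formats on this page. The function name, the dict keys, and the sample `acme` values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Host and path formats copied from the list above; <cename> is filled in per customer.
SP_HOST = "{cename}-tanium.auth.us-west-2.amazoncognito.com"
SP_PATHS = {"sso_url": "/saml2/idpresponse", "logout_url": "/saml2/logout"}
AUDIENCE_RE = re.compile(r"amazon:cognito:sp:([\w-]+)$")


def check_idp_config(cename, entered):
    """Compare values typed into the IdP against the formats listed above.

    `entered` is a dict with the hypothetical keys sso_url, logout_url, audience.
    Returns a list of findings; an empty list means no mismatch was found.
    """
    findings = []
    want_host = SP_HOST.format(cename=cename.lower())
    for key, want_path in SP_PATHS.items():
        value = entered.get(key, "").strip()
        if "<" in value or ">" in value:
            findings.append(f"{key}: template placeholder not replaced")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{key}: scheme is {url.scheme!r}, expected 'https'")
        # Comparing the whole netloc also rejects an added port or userinfo.
        if url.netloc.lower() != want_host:
            findings.append(f"{key}: host is {url.netloc!r}, expected {want_host!r}")
        # Treat the URL as an exact string: a trailing slash, query or fragment counts.
        if url.path != want_path or url.query or url.fragment:
            findings.append(f"{key}: path is {url.path!r}, expected {want_path!r}")
    audience = entered.get("audience", "").strip()
    match = AUDIENCE_RE.search(audience)
    if not match:
        findings.append("audience: expected amazon:cognito:sp:<user pool id>")
    elif match.group(1) == "yourUserPoolId":
        findings.append("audience: template placeholder not replaced")
    return findings


if __name__ == "__main__":
    # Constructed sample: plain http, a trailing slash, wrong region, unfilled pool ID.
    sample = {
        "sso_url": "http://acme-tanium.auth.us-west-2.amazoncognito.com/saml2/idpresponse/",
        "logout_url": "https://acme-tanium.auth.us-east-1.amazoncognito.com/saml2/logout",
        "audience": "amazon:cognito:sp:yourUserPoolId",
    }
    for finding in check_idp_config("acme", sample):
        print(finding)
```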
Example instructions for different identity providers follow:
- Configure open communication on ports 17472 and 17486 on all your endpoints to enable communication between endpoints and TaaS, and between endpoints.
- Configure security software exceptions on your endpoints to prevent interference with Tanium Client activities.
- Control access to the TaaS platform and products by assigning users to groups and roles. See Tanium Console User Guide: RBAC overview.
- Download client install bundles from Tanium Client Management. Use any existing software distribution method to distribute the Tanium Client to endpoints. Consult your TAM for assistance.
- If you are migrating from an on-premises Tanium™ Server to TaaS, contact your TAM for migration guidance.
After the initial setup is complete, you can use the Tanium platform and the products that you have provisioned. To get started with the Tanium platform, see Tanium Console User Guide.
Last updated: 7/1/2020 10:58 AM