Getting started with TaaS

Step 1: Configure identity providers

Production TaaS instances require a SAML 2.0 compliant identity provider with 2FA enabled. The identity provider must be authoritative for its user email domain. Work with your TaaS contact to configure this integration. The information required to configure the integration is provided at build time and includes:

  • Console URL: https://<customerName>.cloud.tanium.com
  • Single sign-on URL format: https://<customerName>-tanium.auth.us-west-2.amazoncognito.com/saml2/idpresponse
  • Sign out URL: https://<customerName>-tanium.auth.us-west-2.amazoncognito.com/saml2/logout
  • Signing Certificate: The public signing certificate. Might be required for some sign out flows.
  • Audience URI (SP Entity ID): amazon:cognito:sp:<yourUserPoolId>
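A mistyped single sign-on URL or Audience URI on the identity provider side is a common reason a test login fails. The following added example (not Tanium's code) compares a decoded SAML Response from your own test login against the values above. The customer name `examplecorp`, the user pool ID `us-west-2_EXAMPLE01`, the function names, and the sample response are constructed placeholders, and the check does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_values(customer_name, user_pool_id):
    """Build the SP-side values from the templates listed in Step 1."""
    acs = (f"https://{customer_name}-tanium.auth.us-west-2"
           ".amazoncognito.com/saml2/idpresponse")
    return {"acs": acs, "audience": f"amazon:cognito:sp:{user_pool_id}"}

def check_response(xml_text, customer_name, user_pool_id):
    """Return a list of mismatches found in a decoded SAML Response."""
    exp = expected_values(customer_name, user_pool_id)
    root = ET.fromstring(xml_text)  # parse only responses from your own IdP
    problems = []
    dest = root.get("Destination")
    if dest is not None and dest != exp["acs"]:
        problems.append(f"Destination {dest!r} != {exp['acs']!r}")
    confirmations = root.findall(".//saml:SubjectConfirmationData", NS)
    if not confirmations:
        problems.append("no SubjectConfirmationData element")
    for conf in confirmations:
        if conf.get("Recipient") != exp["acs"]:
            problems.append(f"Recipient {conf.get('Recipient')!r} != {exp['acs']!r}")
    audiences = [(a.text or "").strip() for a in
                 root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if exp["audience"] not in audiences:
        problems.append(f"Audience {audiences!r} lacks {exp['audience']!r}")
    return problems

def sample_response(acs, audience):
    """Constructed, unsigned Response skeleton for the demo (not IdP output)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
        xmlns:saml="{NS['saml']}" Destination="{acs}"><saml:Assertion>
      <saml:Subject><saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="{acs}"/>
      </saml:SubjectConfirmation></saml:Subject>
      <saml:Conditions><saml:AudienceRestriction>
        <saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
    </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    exp = expected_values("examplecorp", "us-west-2_EXAMPLE01")
    # Misconfiguration: the console URL was entered as the Audience URI.
    bad = sample_response(exp["acs"], "https://examplecorp.cloud.tanium.com")
    for problem in check_response(bad, "examplecorp", "us-west-2_EXAMPLE01"):
        print("MISMATCH:", problem)
```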

Example instructions for different identity providers follow: 

Step 2: Configure client security exceptions

  • Allow traffic on ports 17472 and 17486 on all your endpoints to enable communication between endpoints and TaaS, and between endpoints.
  • Configure security software exceptions on your endpoints to prevent interference with Tanium Client activities.

See Host and network security requirements.

Step 3: Create additional roles, groups, users

Control access to the TaaS platform and products by assigning users to groups and roles. See Tanium Console User Guide: RBAC overview.

Step 4: Deploy Tanium Client

Download client installer bundles from Tanium Client Management. Use any existing software distribution method to distribute the Tanium Client to endpoints. Consult your TAM for assistance.

If you are migrating from an on-premises Tanium™ Server to TaaS, contact your TAM for migration guidance.

Step 5: Use Tanium Platform and products

After the initial setup is complete, you can use the Tanium platform and the products that you have provisioned. To get started with the Tanium platform, see Tanium Console User Guide.