Skip to content
LeBlogOSD
Linkedin Github
LeBlogOSD

Table of Contents

Toggle
  • Tanium Account SSO: Easy SAML2 Setup with Microsoft Entra ID
    • Tanium Account SSO Overview
    • Artifacts
    • Network Egress
    • SAML2 Authentication
      • Local Account
      • Microsoft Entra ID
        • Create the SSO Configuration in Tanium
      • Configure the Tanium SSO Application in Entra ID
      • Return the Metadata to Tanium
      • Assign Users

Tanium Account SSO: Easy SAML2 Setup with Microsoft Entra ID

This guide explains how to configure Tanium Account SSO with Microsoft Entra ID, including Artifacts, Network Egress, and SAML2 authentication for secure tenant administration.

Tanium Account SSO Overview

In Tanium Account, the main areas used during tenant administration are Artifacts, Network Egress, and SAML2 authentication. This procedure focuses on those areas and shows how to configure Tanium Account SSO with Microsoft Entra ID for single sign-on.

For additional reference, see the Microsoft Entra SAML single sign-on documentation and the official Tanium documentation.

Artifacts

In Artifacts, you can find Tanium documentation and downloadable content, including resources related to on-premises versions.

Tanium Account SSO artifacts page with downloadable documentation and resources

Network Egress

Menu path: Tanium Account -> Cloud Instances -> Network Egress

Tanium Account menu path for Cloud Instances and Network Egress

In Network Egress, you can add the external URLs that are authorized for outbound communication from the tenant. Add new entries only when they are required by a real use case.

Tanium Network Egress configuration page for authorized external URLs

SAML2 Authentication

Local Account

You can configure up to five local accounts. Keep at least one local account available for fallback administration if SSO is unavailable.

Tanium Account local account configuration for fallback administration

Microsoft Entra ID

For SAML2 authentication, this example uses Microsoft Entra ID.

You can keep a local account on the tenant for fallback administration, and you can configure one or more SSO providers for tenant console access.

Create the SSO Configuration in Tanium

Create a new SSO identity provider configuration in Tanium Account

Menu path: Tanium Account -> Cloud Instances -> Administration -> Add IDP

  • Open the Cloud Instance configuration.
  • Add a new Tanium Console Identity Provider.
Cloud Instance administration page with the Add IDP option
Tanium Console Identity Provider settings form
  • Enter a name for the identity provider.
  • Generate and download the XML metadata configuration file from Tanium.
Download the Tanium SAML2 XML metadata configuration file

Configure the Tanium SSO Application in Entra ID

  • Open Microsoft Entra ID.
  • Add the Tanium SSO application.
Microsoft Entra ID enterprise application setup for Tanium SSO
  • Upload the XML metadata file generated from Tanium.
Upload the Tanium SAML metadata file in Microsoft Entra ID
  • Copy the App Federation Metadata URL.
Copy the App Federation Metadata URL from Microsoft Entra ID

Return the Metadata to Tanium

  • Return to the SAML2 configuration in Tanium.
  • Paste the metadata URL from Entra ID.
Paste the Entra ID federation metadata URL into Tanium SAML2 settings
  • Validate the configuration.

Useful complement: check the email claim in the attribute setup before applying the configuration.

Assign Users

  • Assign the required users or groups to the Tanium SSO application in Entra ID.
Assign users and groups to the Tanium SSO application in Entra ID
  • Apply the configuration in Tanium.
  • Test the identity provider.

Users who sign in through SSO are placed in the default user group.

  • Home
  • Administration
    • Bios & Drivers
    • Master
    • Packaging
    • Tools
    • Security
    • Scripts
    • Infra
  • MDM
    • EPM
    • Intune
    • MDT
    • Quest SMA
    • Quest SDA
    • Desktop Authority
    • Xtraction
    • SCCM
    • Tanium
    • Rundeck
    • WSUS
  • Favoris
  • Contact
Search