SSO lets users sign in to the TAO platform with their organization's credentials, so the organization decides which users have access to the product. As part of the onboarding process (or for current customers who wish to begin utilizing SSO), we send an SSO information form to the customer. This form must be completed in its entirety. Any missing line items will delay setup.
The customer must provide a metadata URL or a zipped XML file for their IdP, as well as test credentials if possible.
TAO consumes the attributes/claims listed below - we must receive the following friendly names (other attributes/claims sent will be discarded/ignored):
Is TAO fully SAML2 compliant? Yes.
Does TAO support encryption and signing? Both. All encryption/signing configuration requirements should be included in the metadata (these options are based on individual customer metadata).
What unique identifier(s) can be used for eppn? Email address, EPPN, UID, Employee Number (can be alphanumeric; user-specific, unique, static values preferred).
Does TAO monitor/implement metadata changes automatically? Not currently. If IdP metadata changes take place at any time after initial setup, TAO Support must be notified and given the new metadata (URL preferred).
Using AD/Azure and need assistance setting up SSO for TAO? Reference the links below:
- Custom attributes/claims: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization
- Attribute/claim mapping: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes
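
Because the signing/encryption requirements are taken from the IdP metadata and metadata changes are not picked up automatically, an IdP administrator can compare the old and new metadata to see which security-relevant fields changed before notifying TAO Support. The following Python is an added example, not TAO's code; it assumes a single-entity metadata file, and the entity ID, endpoint and placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize(metadata_xml):
    """Return the security-relevant fields of a single-entity IdP metadata file."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata has no use for a DTD
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor found")
    certs = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "signing+encryption")  # no 'use' means both purposes
        for c in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            certs.add((use, hashlib.sha256(der).hexdigest()))
    sso = {(e.get("Binding"), e.get("Location"))
           for e in idp.findall("md:SingleSignOnService", NS)}
    return {"entityID": root.get("entityID"),
            "WantAuthnRequestsSigned": idp.get("WantAuthnRequestsSigned", "false"),
            "certs": sorted(certs), "sso": sorted(sso)}

def changed_fields(old_xml, new_xml):
    """Names of the summarized fields that differ between two metadata versions."""
    old, new = summarize(old_xml), summarize(new_xml)
    return [k for k in old if old[k] != new[k]]

def sample_metadata(signing_cert):
    """Constructed metadata; the 'certificate' is placeholder bytes, not real X.509."""
    b64 = base64.b64encode(signing_cert).decode()
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
        entityID="https://idp.example.org/idp">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{b64}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
        <md:SingleSignOnService Location="https://idp.example.org/idp/sso"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
      </md:IDPSSODescriptor>
    </md:EntityDescriptor>"""

if __name__ == "__main__":
    old, new = sample_metadata(b"constructed-cert-A"), sample_metadata(b"constructed-cert-B")
    print(changed_fields(old, new))
```

For metadata fetched from a URL rather than a local file, parse it with a hardened XML parser such as `defusedxml` instead of the standard-library parser used here.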