SSO allows users to sign into the TAO platform using their organization's credentials. As part of the onboarding process (or for current customers who wish to begin utilizing SSO), we send an SSO implementation form to the customer. This form must be completed in its entirety, because TAO needs the information in it to set up SSO correctly and enable the integration.
The customer must provide the metadata URL or the metadata XML file of their Identity Provider, as well as test credentials, if possible.
TAO must receive the following attributes (or claims):
|Attribute Name|Friendly Name|AKA|
|---|---|---|
|urn:oid:1.3.6.1.4.1.5923.1.1.1.6|eduPersonPrincipalName|(in ADFS, user.userPrincipalName is a good source for this)|
|urn:oid:0.9.2342.19200300.100.1.3||email address (in ADFS, user.mail (published email address) is a good source for this)|
|urn:oid:2.5.4.4|sn|last name, surname|
Using AD and need assistance setting up SSO for TAO?
Is TAO fully SAML2 compliant? Yes
Does TAO support encrypted and/or signed assertions? Signed only (working towards encrypted)
What unique identifier(s) will be used? Email address or EPPN
Does TAO monitor for metadata changes? Not at this time. If your SSO metadata will change at any time after implementation, TAO Support must be notified in advance of the change to prevent any lapse in SSO service.
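A pre-flight check for the attribute release and unique-identifier requirements above, added here as an example and not TAO's own code: it reads a decoded test assertion from your Identity Provider and reports which required attributes are missing or were sent under a different name. It assumes the standard registered OIDs for eduPersonPrincipalName, email and sn; the names `check_release` and `SAMPLE_ASSERTION`, the attribute labels and the sample user are constructed for this example.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Standard OID names of the three required attributes (labels are this example's own).
REQUIRED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "email address",
    "urn:oid:2.5.4.4": "sn",
}
IDENTIFIERS = {"eduPersonPrincipalName", "email address"}  # either may be the unique ID

# Constructed sample: the email is released under an ADFS-style claim URI, not the OID.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
   <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
   <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.4">
   <saml:AttributeValue>Doe</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_release(assertion_xml):
    """Return (found, missing, unexpected_names, has_identifier) for a test assertion.
    Inspects attribute release only; it does not verify the assertion's signature,
    so run it on assertions you captured yourself, never on untrusted input."""
    found, unexpected = {}, []
    for attr in ET.fromstring(assertion_xml).iter(SAML + "Attribute"):
        name = attr.get("Name")
        values = [v.text.strip() for v in attr.iter(SAML + "AttributeValue")
                  if v.text and v.text.strip()]
        if name in REQUIRED and values:
            found[REQUIRED[name]] = values[0]   # required attribute with a real value
        elif name not in REQUIRED:
            unexpected.append(name)             # released, but not under a required name
    missing = sorted(set(REQUIRED.values()) - set(found))
    return found, missing, unexpected, bool(IDENTIFIERS & set(found))

if __name__ == "__main__":
    found, missing, unexpected, has_id = check_release(SAMPLE_ASSERTION)
    print("missing:", missing)
    print("not recognised:", unexpected)
    print("unique identifier present:", has_id)
```

An attribute listed as "not recognised" alongside a "missing" one usually means the Identity Provider is releasing the right value under a different attribute name.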