SSO lets users sign in to the TAO platform using their organization's credentials, so the organization decides which users have access to the product. As part of the onboarding process (or for current customers who wish to begin using SSO), we send an SSO information form to the customer. This form must be completed in its entirety. Any missing line items will delay setup.
The customer must provide a metadata URL or a zipped XML file for their IdP, as well as test credentials if possible.
TAO uses the Friendly Names listed below - we must receive the following attributes/claims at minimum (other data sent will be discarded):
| Friendly Name | AKA | Common URN Value |
|---|---|---|
| eppn | eduPersonPrincipalName (also 'uid' or 'employeeNumber') | |
| | email address (also 'email') | |
| sn | last name (also 'surname') | |
Is TAO fully SAML2 compliant? Yes.
Does TAO support encryption and signing? Both. All encryption/signing configuration requirements should be included in the metadata (these options are based on customer metadata).
What unique identifier(s) can be used? Email address, EPPN, UID, Employee Number (can be alphanumeric; user-specific, unique, static values preferred).
Does TAO monitor/implement metadata changes automatically? Not currently. If IdP metadata changes take place at any time after initial setup, TAO Support must be notified and given new metadata (URL preferred).
Using AD and need assistance setting up SSO for TAO? Reference the links below: