SSO Information

SSO allows users to sign into the TAO platform using their organization's credentials. As part of the onboarding process (or for current customers who wish to begin using SSO), we send the customer an SSO implementation form. The form must be completed in full, because TAO needs this information to set up SSO correctly and enable the integration.

The customer must provide their Identity Provider's metadata, as a metadata URL or an XML file, and test credentials if possible.

TAO must receive the following attributes (or claims):

https://ldap.com/ldap-oid-reference-guide

| Attribute Name | Friendly Name | AKA |
| --- | --- | --- |
| urn:oid:1.3.6.1.4.1.5293.1.1.1.6 | eduPersonPrincipalName | (in ADFS, user.userPrincipalName is a good source for this) |
| urn:oid:0.9.2.2342.192900300.100.13 | mail | email address (in ADFS, user.mail (published email address) is a good source for this) |
| urn:oid:0.9.2.2342.192900300.100.1.1 | givenName | first name |
| urn:oid:2.5.4.42 | sn | last name, surname |

Using AD and need assistance setting up SSO for TAO?

Is TAO fully SAML2 compliant?  Yes

Does TAO support encrypted and/or signed assertions? Signed only (working towards encrypted)

What unique identifier(s) will be used?  Email address or EPPN

Does TAO monitor for metadata changes? Not at this time. If your SSO metadata will change at any time after implementation, notify TAO Support in advance of the change to prevent any lapse in SSO service.
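
An added example, not TAO's own code: a Python pre-flight check a customer could run on a decoded SAML Response from a test login, confirming that it carries the four attribute names from the table above, has a signature element, and is not encrypted. The function names and the sample input are constructed for illustration, and the check only looks for the presence of a signature; it does not verify it.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Attribute names copied verbatim from the table on this page.
REQUIRED = {
    "urn:oid:1.3.6.1.4.1.5293.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2.2342.192900300.100.13": "mail",
    "urn:oid:0.9.2.2342.192900300.100.1.1": "givenName",
    "urn:oid:2.5.4.42": "sn",
}

def preflight(response_xml):
    """Return a list of problems found in a decoded SAML Response."""
    root = ET.fromstring(response_xml)
    problems = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted (signed only is supported)")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext saml:Assertion found"]
    # Presence check only: the signature is not cryptographically verified.
    if (root.find("ds:Signature", NS) is None
            and assertion.find("ds:Signature", NS) is None):
        problems.append("neither Response nor Assertion carries a ds:Signature")
    values = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        values[attr.get("Name")] = [t for t in texts if t]
    for name, friendly in REQUIRED.items():
        if not values.get(name):
            problems.append(f"missing or empty attribute {friendly} ({name})")
    return problems

def build_sample(names, signed=True):
    """Constructed test input: a minimal Response releasing the given names."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
        f'</saml:Attribute>' for n in names)
    sig = "<ds:Signature/>" if signed else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'xmlns:ds="{NS["ds"]}"><saml:Assertion>{sig}<saml:AttributeStatement>'
            f'{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    # An IdP releasing friendly names instead of the urn:oid names, unsigned.
    for problem in preflight(build_sample(["mail", "givenName"], signed=False)):
        print("FAIL:", problem)
```
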
