SSO allows users to sign into the TAO platform using their organization's credentials. As part of the onboarding process (or for current customers who wish to begin utilizing SSO), we send an SSO information form to the customer. This form must be completed in its entirety. Any missing line items will delay setup.
The customer must provide their IdP's metadata URL or XML file, as well as test credentials, if possible.
TAO must receive the following attributes/claims at minimum:
|Attribute Name|Friendly Name|AKA|
|---|---|---|
|urn:oid:1.3.6.1.4.1.5923.1.1.1.6|eppn|eduPersonPrincipalName (can also be 'uid', 'employeeNumber')|
|urn:oid:0.9.2342.19200300.100.1.3||email address (can also be 'email')|
|urn:oid:2.5.4.4|sn|last name (can also be 'surname')|
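
Before handing metadata to TAO, an IdP administrator can check that a test assertion actually releases the three attributes above. The script below is an added example, not TAO's own code. It assumes the standard eduPerson/LDAP OIDs, treats `mail` as the conventional friendly name for the email attribute, matches aliases case-insensitively, and does no signature validation.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Required attributes: standard OID plus accepted friendly names and aliases.
# 'mail' is an assumption (the conventional FriendlyName for this OID).
REQUIRED = {
    "eppn": ("urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
             {"eppn", "edupersonprincipalname", "uid", "employeenumber"}),
    "email": ("urn:oid:0.9.2342.19200300.100.1.3", {"mail", "email"}),
    "sn": ("urn:oid:2.5.4.4", {"sn", "surname"}),
}

def missing_attributes(assertion_xml):
    """Return a sorted list of required attributes that are absent or empty."""
    # Run this on assertions from your own IdP; use a hardened XML parser
    # if the input could come from an untrusted source.
    root = ET.fromstring(assertion_xml)
    present = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text.strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)
                  if v.text and v.text.strip()]
        if not values:
            continue  # released with no value: treat as missing
        name = (attr.get("Name") or "").lower()
        friendly = (attr.get("FriendlyName") or "").lower()
        for key, (oid, aliases) in REQUIRED.items():
            if name == oid or name in aliases or friendly in aliases:
                present.add(key)
    return sorted(set(REQUIRED) - present)

def sample_assertion(attrs):
    """Build a constructed, unsigned assertion from (Name, FriendlyName, value)."""
    rows = "".join(
        f'<saml:Attribute Name="{n}" FriendlyName="{f}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, f, v in attrs)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS["saml"]}">'
            f"<saml:AttributeStatement>{rows}</saml:AttributeStatement>"
            "</saml:Assertion>")

if __name__ == "__main__":
    # Constructed sample: eppn released, email empty, sn not released at all.
    incomplete = sample_assertion([
        ("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "eppn", "jdoe@example.edu"),
        ("urn:oid:0.9.2342.19200300.100.1.3", "mail", ""),
    ])
    print("missing:", missing_attributes(incomplete))
```
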
Is TAO fully SAML2 compliant? Yes.
Does TAO support encryption, signing? Both - all encryption/signing configuration requirements should be included in the metadata.
What unique identifier(s) will be used? Email address, EPPN, UID (can be alphanumeric; user-specific, unique, static values preferred).
Does TAO monitor/implement metadata changes automatically? Not currently. If IdP metadata changes take place at any time after initial setup, TAO Support must be notified and given new metadata (URL preferred).
Using AD(FS) and need assistance setting up SSO for TAO? Reference the links below: