SSO Information

SSO allows users to sign into the TAO platform using their organization's credentials.  As part of the onboarding process (or for current customers who wish to begin utilizing SSO), we send an SSO information form to the customer.  This form must be completed in its entirety.  Any missing line items will delay setup.

The customer must provide their IdP's metadata URL or XML file, as well as test credentials if possible.

TAO must receive the following attributes/claims at minimum:

| Attribute Name | Friendly Name | AKA |
| --- | --- | --- |
| urn:oid:1.3.6.1.4.1.5293.1.1.1.6 | eppn | eduPersonPrincipalName (can also be 'uid', 'employeeNumber') |
| urn:oid:0.9.2.2342.192900300.100.13 | mail | email address (can also be 'email') |
| urn:oid:0.9.2.2342.192900300.100.1.1 | givenName | first name |
| urn:oid:2.5.4.42 | sn | last name (can also be 'surname') |
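An added example, not TAO's own code: a Python check that a decoded test assertion from your IdP releases the four attributes listed above, treating an attribute with an empty value as not released. It assumes an alias may appear in either Name or FriendlyName; the sample assertion is constructed, and the check covers attribute release only, not signature validation.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Required claims as listed on this page: claim -> (Name, accepted aliases).
# Accepting an alias in either Name or FriendlyName is an assumption.
REQUIRED = {
    "eppn": ("urn:oid:1.3.6.1.4.1.5293.1.1.1.6", {"eppn", "uid", "employeeNumber"}),
    "mail": ("urn:oid:0.9.2.2342.192900300.100.13", {"mail", "email"}),
    "givenName": ("urn:oid:0.9.2.2342.192900300.100.1.1", {"givenName"}),
    "sn": ("urn:oid:2.5.4.42", {"sn", "surname"}),
}

def missing_claims(assertion_xml):
    """Return the required claims that are absent or carry no non-empty value."""
    root = ET.fromstring(assertion_xml)
    released = set()
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        if not any(v and v.strip() for v in values):
            continue  # attribute present but empty: counts as not released
        name, friendly = attr.get("Name"), attr.get("FriendlyName")
        for claim, (oid, aliases) in REQUIRED.items():
            if name == oid or name in aliases or friendly in aliases:
                released.add(claim)
    return sorted(set(REQUIRED) - released)

# Constructed sample: eppn by OID, mail by alias, empty givenName, no sn.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5293.1.1.1.6" FriendlyName="eppn">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2.2342.192900300.100.1.1" FriendlyName="givenName">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print("Missing required claims:", missing_claims(SAMPLE))
```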

Is TAO fully SAML2 compliant?  Yes.

Does TAO support encryption, signing?  Both - all encryption/signing configuration requirements should be included in the metadata.

What unique identifier(s) will be used?  Email address, EPPN, UID (can be alphanumeric; user-specific, unique, static values preferred).

Does TAO monitor/implement metadata changes automatically?  Not currently.  If IdP metadata changes take place at any time after initial setup, TAO Support must be notified and given new metadata (URL preferred).

Using AD(FS) and need assistance setting up SSO for TAO?  Reference the links below:
