Tealium supports Security Assertion Markup Language (SAML) for implementing Single Sign-On (SSO). SSO is a secure way of using one authentication system to gain access to multiple applications. Using SAML for Tealium allows you to secure your users' accounts under your trusted enterprise identity provider.
SSO can be enabled only in your primary Tealium account. After SSO is enabled, Tealium will no longer manage the passwords for your users. You will still add users and manage permissions from within Tealium, but functionality related to passwords and authentication (ie. multi-factor authentication) will no longer be available in your account. They will authenticate through your corporate system then use a special SSO URL to access their Tealium account.
When users are added to your SSO-enabled account they will no longer receive an activation email from Tealium.
Enabling SAML SSO for Tealium
In order to get started using SAML SSO for Tealium you will need a SAML service configured. Contact Tealium Support Desk to work through the following steps to get your account activated for SAML SSO:
Step 1: Configure a SAML-based identity provider in your application
You may use third-party providers (eg. PingOne, Okta, and OneLogin) or set up your own server. The only requirement is that it can communicate using the SAML format.
Step 2: Gather your identity provider attributes
The following values are required:
Email address for the IdP admin
Step 3: Provide the identity provider details to Tealium Support
A SAML metadata XML file or a URL to the metadata file works best for this purpose. Tealium support will use this information initiate the SSO enablement process with the Tealium IT team.
During the enablement, Tealium will assign a idp_id value that will uniquely identify your account. You will require this value when signing in.
Signing into Tealium with SAML SSO
Signing into an SSO-enabled account requires a special entry point URL. The standard Tealium login page, which requires a password, will not work for users attempting to access an SSO-enabled account.
Before You Begin: If you have not already done so, contact Tealium Support to get the idp_id value for your SSO-enabled Tealium iQ account.
Q. How do I log into Tealium Tools such as Web Companion or Verify using SAML SSO?
Tealium Tools such as Web Companion and Verify that require login credentials, are not currently supported for SAML SSO accounts. Future releases of SAML SSO will incorporate Tealium Tool authentication.