- TLC Home Home
- Discussions Discussions
- Documentation Documentation
- Knowledge Base Knowledge Base
- Education Education
- Blog Blog
- Support Desk Support Desk
Tealium supports Security Assertion Markup Language (SAML) for implementing Single Sign-On (SSO). SSO is a secure way of using one authentication system to gain access to multiple applications. Using SAML for Tealium allows you to secure your users' accounts under your trusted enterprise identity provider.
SSO can be enabled only in your primary Tealium account. After SSO is enabled, Tealium will no longer manage the passwords for your users. You will still add users and manage permissions from within Tealium, but functionality related to passwords and authentication (ie. multi-factor authentication) will no longer be available in your account. They will authenticate through your corporate system then use a special SSO URL to access their Tealium account.
When users are added to your SSO-enabled account they will no longer receive an activation email from Tealium.
Enabling SAML SSO for Tealium
In order to get started using SAML SSO for Tealium you will need a SAML service configured. Contact Tealium Support Desk to work through the following steps to get your account activated for SAML SSO:
Step 1: Configure a SAML-based identity provider in your application
You may use third-party providers (eg. PingOne, Okta, and OneLogin) or set up your own server. The only requirement is that it can communicate using the SAML format.
Step 2: Gather your identity provider attributes
The following values are required:
Step 3: Provide the identity provider details to Tealium Support
A SAML metadata XML file or a URL to the metadata file works best for this purpose. Tealium support will use this information initiate the SSO enablement process with the Tealium IT team.
During the enablement, Tealium will assign a idp_id
value that will uniquely identify your account. You will require this value when signing in.
Signing into an SSO-enabled account requires a special entry point URL. The standard Tealium login page, which requires a password, will not work for users attempting to access an SSO-enabled account.
Before You Begin:
If you have not already done so, contact Tealium Support to get the idp_id
value for your SSO-enabled Tealium iQ account.
https://sso.tealiumiq.com/login/sso/{idp_id}
. Be sure to replace the idp_id
with your specific value.idp_id
value and go to https://sso.tealiumiq.com/login/sso/ instead, you will be prompted to enter your email address so that Tealium can determine the name of your primary account.Q. How do I find my primary Tealium account?
This information can be found in your User Preferences settings.
Q. I have access to multiple accounts, some are SSO-enabled and others are not. How should I log in?
First, you must determine your primary account and whether it is enabled for SSO.
Q. How can I reset my password?
Tealium does not manage passwords for SSO-enabled accounts. You must contact your identity provider administrator to resolve any login issues.
Q. How do I authenticate with the Tealium API using SAML SSO?
For information about how to authenticate with the Tealium API using SAML SSO, see Managing and Generating API Keys.
Q. How do I log into Tealium Tools such as Web Companion or Verify using SAML SSO?
Tealium Tools such as Web Companion and Verify that require login credentials, are not currently supported for SAML SSO accounts. Future releases of SAML SSO will incorporate Tealium Tool authentication.
Copyright All Rights Reserved © 2008-2023