
Using Single Sign-On with Tealium


Tealium supports Security Assertion Markup Language (SAML) for implementing Single Sign-On (SSO). SSO is a secure way of using one authentication system to gain access to multiple applications. Using SAML for Tealium allows you to secure your users' accounts under your trusted enterprise identity provider.

 

SAML SSO is an Early Access release. You can access all Tealium products with SSO; however, certain features are not yet supported.

 

SSO can be enabled only in your primary Tealium account. After SSO is enabled, Tealium will no longer manage the passwords for your users. You will still add users and manage permissions from within Tealium, but functionality related to passwords and authentication (i.e., multi-factor authentication) will no longer be available in your account. When users are added to your SSO-enabled account, they will no longer receive an activation email from Tealium. They will authenticate through your corporate system, then use a special SSO URL to access their Tealium account.

Enabling SAML SSO for Tealium

In order to get started using SAML SSO for Tealium you will need a SAML service configured. You can work with your Account Manager through the following steps to get your account activated for SAML SSO:

 

Step 1: Configure a SAML-based identity provider in your application

You may use a third-party provider (e.g., PingOne, Okta, or OneLogin) or set up your own server. The only requirement is that it can communicate using the SAML format.

 

Step 2: Gather your identity provider attributes

The following values are required:

  • Email address for the IdP admin 
  • Entity ID
  • SSO endpoint
  • Public Certificates

 

Step 3: Provide the identity provider details to your Tealium Account Manager

A SAML metadata XML file or a URL to the metadata file works best for this purpose. Once your Account Manager receives this information, they will initiate the SSO enablement process with the Tealium IT team.

 

During the enablement, Tealium will assign an idp_id value that uniquely identifies your account. You will need this value when signing in.

Signing into Tealium with SAML SSO

Signing into an SSO-enabled account requires a special entry point URL. The standard Tealium login page, which requires a password, will not work for users attempting to access an SSO-enabled account.

Before You Begin: Please contact your Tealium Account Manager to get the idp_id value for your SSO-enabled Tealium iQ account (if you haven't already).

  1. Go to https://sso.tealiumiq.com/login/sso/{idp_id}. Be sure to replace {idp_id} with your specific value.
    • If you omit the idp_id value and go to https://sso.tealiumiq.com/login/sso/ instead, you'll be prompted to enter your email address so that Tealium can determine the name of your primary account.
  2. If your SSO session is still active, you will be redirected into Tealium iQ automatically. Otherwise, you'll be taken to your identity provider, where you will enter your password.

FAQ

Q. How do I find my primary Tealium account?

This information can be found in your User Preferences settings.

  • In Tealium iQ, click your name/email in the top right corner to open the Account Admin menu.
  • Under User Preferences, click Edit/View user Settings.
  • Your primary account will be displayed under your email address.

 

Q. I have access to multiple accounts, some are SSO-enabled and others are not. How should I log in?

First you must determine your primary account and whether it's enabled for SSO.

  • If your primary account is SSO-enabled then you must always log into that account using the special SSO URL. Once logged in you can access your other accounts from the Account/Profile switcher. 
  • If your primary account does not use SSO then you can log in directly through Tealium and use the Account/Profile switcher to access your other accounts (even if those other accounts are SSO-enabled).

 

Q. How can I reset my password?

Tealium does not manage passwords for SSO-enabled accounts. You must contact your identity provider administrator to resolve any login issues.

 

Q. How do I authenticate with the Tealium API using SAML SSO?

The Tealium API does not currently support SSO. Future releases of SAML SSO will incorporate API authentication.

 

Q. How do I log into Tealium Tools such as Web Companion or Verify using SAML SSO?

Tealium Tools that require login credentials, such as Web Companion and Verify, are not currently supported for SAML SSO accounts. Future releases of SAML SSO will incorporate Tealium Tool authentication.
