Guide to Setting Up OpenID Connect-based SSO for TAC

⚠️ Attention: The platform does not support SAML configurations.

Step 1: Add Domains to Your Active Directory

1. Access the Management Console: Open your Active Directory management console.
2. Select Domain Management: Navigate to the domain management section within the console.
3. Add and Verify Domains: Enter the following domains that will be used for implementing SSO with TAC. After adding, proceed to verify each:
   • tac.touchandcontact.com
   • company.touchandcontact.com
4. (Optional) Add the following URLs for a more specific configuration: ◦ https://tac.touchandcontact.com/Login ◦ https://company.touchandcontact.com/Login

Step 2: Configure User Attributes and Claims

1. Access SSO Settings: Within your Active Directory settings, locate the options for configuring SSO.
2. Enable Attributes and Claims: Activate the feature that allows the use of User Attributes and Claims. This setting is crucial for ensuring the effective integration of specific user data with TAC through SSO.

Step 3: Set Up Delegated Permissions

1. Visit the Application Registration Page: Go to the application registration page within your Active Directory.
2. Add Delegated Permissions: Set up the following delegated permissions for the application, essential for proper integration:
   • email
   • offline_access
   • openid
   • profile