Installation

TIDALBAY is a cloud-hosted platform—there is no software to install on your infrastructure. This guide covers provisioning your tenant, configuring SSO, and deploying optional on-premises components.

Cloud Setup (Recommended)

Most organizations use TIDALBAY as a fully managed SaaS platform:

  1. Sign up at tidalbay.com/free-trial
  2. Verify your corporate email domain
  3. Your tenant is provisioned automatically
  4. Access the admin dashboard at yourcompany.tidalbay.com
Tenant Provisioning
Tenants are provisioned in your selected region (US, EU, or APAC) within minutes. Data residency is locked to the selected region and cannot be changed after provisioning.

SSO Configuration

We strongly recommend configuring SSO before inviting team members:

SAML 2.0

  1. Navigate to Admin → Settings → Authentication
  2. Click Configure SSO
  3. Select SAML 2.0
  4. Enter your IdP metadata URL or upload the metadata XML
  5. Map the required attributes (email, firstName, lastName)
  6. Test the connection with a test login
  7. Enable SSO enforcement (optional)

OpenID Connect

  1. Navigate to Admin → Settings → Authentication
  2. Select OIDC
  3. Enter your OIDC discovery URL
  4. Enter the client ID and secret from your IdP
  5. Configure the redirect URI as shown in the setup wizard
  6. Test and activate

On-Premises Components (Enterprise)

Enterprise customers can deploy optional components within their network:

TIDALBAY Collector

The Collector is a lightweight agent that runs inside your network to stream events from on-premises security tools to TIDALBAY:

  • Requirements: Linux (Ubuntu 20.04+ or RHEL 8+), 2 CPU, 4 GB RAM
  • Deployment: Docker container or systemd service
  • Communication: Outbound HTTPS only (no inbound ports required)
# Docker deployment
docker run -d \
  --name tidalbay-collector \
  -e TIDALBAY_API_KEY=your_api_key \
  -e TIDALBAY_TENANT=yourcompany \
  tidalbay/collector:latest
Network Requirements
The Collector only makes outbound HTTPS connections toapi.tidalbay.com. No inbound firewall rules are needed.

Browser Extension (TidalBay Coach)

The TidalBay Coach browser extension provides real-time security coaching:

  • Chrome: Deploy via Google Admin Console or Chrome Enterprise policies
  • Edge: Deploy via Microsoft Intune or Group Policy
  • Firefox: Deploy via Firefox Enterprise policies

The extension can be silently deployed to managed devices using your MDM solution. See TidalBay Coach for details.

Next Steps