Accessing TMI - ericfitz/tmi GitHub Wiki

Accessing TMI

Learn how to access the TMI platform and authenticate with your account.

Using the Hosted Service

TMI is available as a hosted service at https://www.tmi.dev

First-Time Access

  1. Navigate to tmi.dev

  2. Authenticate

    • Click "Get Started"
    • The login page will load the available authentication providers from the server
    • Choose your sign-in method from the displayed providers, which may include:
      • OAuth providers (e.g., Google, GitHub, Microsoft, or other configured OIDC providers)
      • SAML providers (e.g., corporate SSO or other configured providers)

  3. Grant Permissions

    • Review the OAuth provider's dialog showing you the permissions TMI requested
    • Click "Allow" or "Authorize" to grant TMI permission to use your OAuth provider

  4. Welcome to TMI

    • You'll be directed to a role-based landing page (e.g., the dashboard, admin panel, or intake page depending on your role)
    • You're now ready to create threat models

Returning Users

If you've used TMI before:

  1. Navigate to tmi.dev
  2. Click "Get Started"
  3. Select your authentication provider
  4. You are automatically logged in if your session is still valid. Otherwise, you need to log into your OAuth provider and then you are returned to TMI.

Authentication Session

  • Authentication tokens are valid for 1 hour and are transparently renewed while you are actively using the application.
  • If you leave your session idle, you get a warning dialog 5 minutes before your token expires. You can extend or end your session, or do nothing.
  • You are automatically logged out after the token expires.
  • Simply sign in again to continue your work
  • Your data is preserved and will be available when you return

Self-Hosted Deployment

If your organization has deployed TMI on its own infrastructure:

  1. Get the URL from your TMI administrator

    • Example: https://tmi.your-company.com

  2. Navigate to your TMI instance

    • Use the URL provided by your administrator

  3. Authenticate

    • Click "Get Started" and use the authentication method configured by your organization
    • The login page loads available providers from the server, which may include:
      • Corporate SAML provider (many organizations refer to this as "SSO")
      • Corporate OAuth provider
      • GitHub, Google, Microsoft, or other third-party OAuth/OIDC providers

  4. Contact your administrator if you have trouble accessing the system

Browser Requirements

TMI works best with modern web browsers:

Supported Browsers

  • Chrome (recommended) - version 90+
    • Includes Chromium-based browsers like Edge and Brave
  • Firefox - version 88+
  • Safari - version 14+

Required Browser Features

  • JavaScript enabled
  • Local storage enabled
  • WebSocket support (for real-time collaboration)

Recommended Settings (if you encounter problems signing in)

  • Enable third-party cookies (only if required by your OAuth provider)
  • Ensure redirects are not blocked (OAuth uses full-page redirects, not pop-ups)

Network Requirements

Hosted Service (tmi.dev)

If accessing the hosted service, ensure:

  • HTTPS access to www.tmi.dev
  • WebSocket (WSS) access to www.tmi.dev
  • OAuth provider access (depending on which providers are enabled):
    • accounts.google.com (for Google Sign-In)
    • github.com (for GitHub Sign-In)
    • login.microsoftonline.com (for Microsoft Sign-In)

Self-Hosted Deployment

For self-hosted deployments, ensure:

  • Network access to your TMI server URL
  • WebSocket (WSS) support from your client to your TMI server URL
  • Access to configured OAuth or SAML provider(s)

Corporate Networks

If accessing from a corporate network:

  • Proxy configuration: Configure your browser to use corporate proxy
  • Firewall rules: Ensure WebSocket traffic is allowed
  • TLS inspection: May require certificate trust configuration
  • VPN: May be required for remote access

Contact your IT department if you have connectivity issues.

Troubleshooting Access

Cannot Reach tmi.dev

Problem: Browser shows "Site cannot be reached" or similar error

Solutions:

  • Check your internet connection
  • Try accessing from a different network
  • Check if there's a service status page
  • Verify the URL is correct

OAuth Authentication Fails

Problem: Error during sign-in with OAuth provider

Solutions:

  • Ensure redirects are not blocked (TMI uses full-page redirects, not pop-ups)
  • Clear browser cookies and try again
  • Try a different browser
  • Check that you have an account with the OAuth provider
  • See Common-Issues#authentication-problems for more details

WebSocket Connection Issues

Problem: Real-time features don't work

Solutions:

  • Check that WebSockets are allowed through your firewall
  • Verify your browser supports WebSockets
  • Try disabling browser extensions
  • See Common-Issues#websocket-problems for more details

Session Expired

Problem: "Session expired" or "Token invalid" message

Solution:

  • Simply sign in again
  • Your data is safe and will be available

Privacy and Security

Data Storage

  • Hosted Service: Data is stored securely on TMI servers
  • Self-Hosted: Data is stored on your organization's infrastructure

Authentication

  • TMI uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication
  • SAML 2.0 is also supported for enterprise identity providers
  • Passwords are never received or stored by TMI
  • Authentication is handled by your identity provider (OAuth or SAML)

Communication

  • All communication uses HTTPS/TLS encryption
  • WebSocket connections use WSS (WebSocket Secure)

Session Management

  • Access tokens expire after a configured period (default: 1 hour) and are transparently renewed for active users
  • Absolute session lifetime is 7 days by default, after which re-authentication is required
  • You can sign out manually at any time
  • Closing the browser tab does not sign you out

Next Steps

Once you've accessed TMI:

Related Pages