-
Notifications
You must be signed in to change notification settings - Fork 2
Accessing TMI
Eric Fitzgerald edited this page Apr 5, 2026
·
5 revisions
Learn how to access the TMI platform and authenticate with your account.
TMI is available as a hosted service at https://www.tmi.dev
-
Navigate to tmi.dev
- Open your web browser
- Go to https://www.tmi.dev
-
Authenticate
- Click "Get Started"
- The login page will load the available authentication providers from the server
- Choose your sign-in method from the displayed providers, which may include:
- OAuth providers (e.g., Google, GitHub, Microsoft, or other configured OIDC providers)
- SAML providers (e.g., corporate SSO or other configured providers)
-
Grant Permissions
- Review the OAuth provider's dialog showing you the permissions TMI requested
- Click "Allow" or "Authorize" to grant TMI permission to use your OAuth provider
-
Welcome to TMI
- You'll be directed to a role-based landing page (e.g., the dashboard, admin panel, or intake page depending on your role)
- You're now ready to create threat models
If you've used TMI before:
- Navigate to tmi.dev
- Click "Get Started"
- Select your authentication provider
- You are automatically logged in if your session is still valid. Otherwise, you need to log into your OAuth provider and then you are returned to TMI.
- Authentication tokens are valid for 1 hour and are transparently renewed while you are actively using the application.
- If you leave your session idle, you get a warning dialog 5 minutes before your token expires. You can extend or end your session, or do nothing.
- You are automatically logged out after the token expires.
- Simply sign in again to continue your work
- Your data is preserved and will be available when you return
If your organization has deployed TMI on its own infrastructure:
-
Get the URL from your TMI administrator
- Example:
https://tmi.your-company.com
- Example:
-
Navigate to your TMI instance
- Use the URL provided by your administrator
-
Authenticate
- Click "Get Started" and use the authentication method configured by your organization
- The login page loads available providers from the server, which may include:
- Corporate SAML provider (many organizations refer to this as "SSO")
- Corporate OAuth provider
- GitHub, Google, Microsoft, or other third-party OAuth/OIDC providers
-
Contact your administrator if you have trouble accessing the system
TMI works best with modern web browsers:
-
Chrome (recommended) - version 90+
- Includes Chromium-based browsers like Edge and Brave
- Firefox - version 88+
- Safari - version 14+
- JavaScript enabled
- Local storage enabled
- WebSocket support (for real-time collaboration)
- Enable third-party cookies (only if required by your OAuth provider)
- Ensure redirects are not blocked (OAuth uses full-page redirects, not pop-ups)
If accessing the hosted service, ensure:
-
HTTPS access to
www.tmi.dev -
WebSocket (WSS) access to
www.tmi.dev -
OAuth provider access (depending on which providers are enabled):
-
accounts.google.com(for Google Sign-In) -
github.com(for GitHub Sign-In) -
login.microsoftonline.com(for Microsoft Sign-In)
-
For self-hosted deployments, ensure:
- Network access to your TMI server URL
- WebSocket (WSS) support from your client to your TMI server URL
- Access to configured OAuth or SAML provider(s)
If accessing from a corporate network:
- Proxy configuration: Configure your browser to use corporate proxy
- Firewall rules: Ensure WebSocket traffic is allowed
- TLS inspection: May require certificate trust configuration
- VPN: May be required for remote access
Contact your IT department if you have connectivity issues.
Problem: Browser shows "Site cannot be reached" or similar error
Solutions:
- Check your internet connection
- Try accessing from a different network
- Check if there's a service status page
- Verify the URL is correct
Problem: Error during sign-in with OAuth provider
Solutions:
- Ensure redirects are not blocked (TMI uses full-page redirects, not pop-ups)
- Clear browser cookies and try again
- Try a different browser
- Check that you have an account with the OAuth provider
- See Common-Issues#authentication-problems for more details
Problem: Real-time features don't work
Solutions:
- Check that WebSockets are allowed through your firewall
- Verify your browser supports WebSockets
- Try disabling browser extensions
- See Common-Issues#websocket-problems for more details
Problem: "Session expired" or "Token invalid" message
Solution:
- Simply sign in again
- Your data is safe and will be available
- Hosted Service: Data is stored securely on TMI servers
- Self-Hosted: Data is stored on your organization's infrastructure
- TMI uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication
- SAML 2.0 is also supported for enterprise identity providers
- Passwords are never received or stored by TMI
- Authentication is handled by your identity provider (OAuth or SAML)
- All communication uses HTTPS/TLS encryption
- WebSocket connections use WSS (WebSocket Secure)
- Access tokens expire after a configured period (default: 1 hour) and are transparently renewed for active users
- Absolute session lifetime is 7 days by default, after which re-authentication is required
- You can sign out manually at any time
- Closing the browser tab does not sign you out
Once you've accessed TMI:
- New to TMI? Start with Creating-Your-First-Threat-Model
- Returning user? Jump to Understanding-the-User-Interface
- Need help? See Getting-Help
- Setting-Up-Authentication (for administrators)
- Common-Issues (troubleshooting)
- Security-Best-Practices
- Using TMI for Threat Modeling
- Accessing TMI
- Authentication
- Creating Your First Threat Model
- Understanding the User Interface
- Working with Data Flow Diagrams
- Managing Threats
- Collaborative Threat Modeling
- Using Notes and Documentation
- Timmy AI Assistant
- Metadata and Extensions
- Planning Your Deployment
- Terraform Deployment (AWS, OCI, GCP, Azure)
- Deploying TMI Server
- OCI Container Deployment
- Certificate Automation
- Deploying TMI Web Application
- Setting Up Authentication
- Database Setup
- Component Integration
- Post-Deployment
- Branding and Customization
- Monitoring and Health
- Cloud Logging
- Database Operations
- Security Operations
- Performance and Scaling
- Maintenance Tasks
- Getting Started with Development
- Architecture and Design
- API Integration
- Testing
- Contributing
- Extending TMI
- Dependency Upgrade Plans
- DFD Graphing Library Reference
- Migration Instructions