Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Talend Managemnet Console supports SingleSignOn(SSO) and integrates with several SSO platforms. In this exercise, you will activate SSO by linking your TMC with Okta which is a third-party enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.
Create an organization with applications on OKTA
- Connect to okta.com web-browser and create a trial account on https://www.okta.com
- Once the account is created successfully a confirmation email will be sent to the email address with your organization url. Copy this URL in Notepad as you need to use it later to log in to OKTA.
Check your email inbox and click on the confirmation link to activate the Okta Account
ADD TALEND CLOUD AS AN APPLICATION in OKTA
Connect to your Okta organization and add Talend Cloud as a new SSO-enabled application.
- Copy your organization URL (the one that you copied in a notepad in the previous section).
- Open a web browser and paste the URL. Connect by using your Okta credentials. Your account has administrator privileges on the organization.
- In the top right corner click on Admin
- Go to the Application Tab
- Click on Create App Integration
- In the Create a New Application Integration window, select the SAML 2.0 options, then click Next
- On the General Settings page, enter a name for your application( Ex: Talend Cloud), then click Next
- Fill in the SAML Settings as per the Talend Cloud Region. Below are the settings for Talend Cloud AP Region
Single Sign-On URL: https://iam.ap.cloud.talend.com/oidc/ssologin
Recipient URL: https://iam.ap.cloud.talend.com/oidc/ssologin
Destination URL: https://iam.ap.cloud.talend.com/oidc/ssologin
Audience Restriction : https://iam.ap.cloud.talend.com/oidc/ssologin
Name ID Format: EmailAddress - In the Attribute Statements area, add the following attributes:
Once your application is created, you are redirected to the application page. On the Sign On tab, go to SAML Signing Certificates, click on Actions --> View Idp Metadata -->right-click and save as the SAML metadata XML.You will use it later in this exercise, as TMC needs it to enable communication with okta.com.
The TalendCloudDomainName attribute indicates your Talend Cloud domain. You can find the domain name in the Domain field of the Subscription page of your Talend Management Console. The NameId Format attribute indicates the email address format.
Once you set and Create the Talend Cloud SAML application, you can see the Icon created in OKTA My Apps
Enabling SSO in the Talend Management Console
- Before you begin Procedure, find this URL in the Identity Provider Single Sign-On URL field of the Applications Sign-on tab in Okta
- Upload the metadata file you downloaded from the SSO application configuration by clicking the icon.(You can refer to the details above mentioned how to download the vie IDP metadata)
- If needed, edit them to match the application configuration specified on the SSO provider side.
These attributes are propagated to the SAML token used to authenticate users. The application configuration on the SSO provider side must specify these attributes as well as two other attributes: - Click Test to check your configuration
- Click Save
Now go to OKTA and click on the Talend Cloud Application if the configuration is successful the integration should work.
And TADA! You are connected to Talend. Check that your user has the roles and types you have set.
You must have the Security Administrator role in Talend Management Console and have the metadata file obtained from the SSO provider
- Log in to Talend Management Console.
- On the top of the Users&Security page, click Authentication.
- Click Configuration.
- Enter the SSO provider domain name in the Organization URL field.
Environment
Free Trial OKTA Account
Talend Management Center
Related Content
creating-talend-cloud-application-in-okta
