Skip to main content Skip to complementary content

Using SSO to log in to Talend Administration Center


  1. On the Talend Administration Center, click Go to db config page.
  2. Type in the administrator password (admin by default) in the Database Configuration page and click OK.
    If you want to change the default password that allows you to change the database configuration (recommended), you have to edit the database.config.password parameter value in the file. For more information, see Change the default password used to configure the database.
    After the first connection, the node.identifier property is added in the file, identifying the Talend Administration Center instance connected to the database. The node ID is also shown at the bottom of the tree view of Talend Administration Center.
  3. Click the SSO node, configure it, then click Save to save your changes in the database:



    IDP metadata

    Click Launch Upload and upload the Identity Provider metadata file you have previously downloaded from the Identity Provider system.

    Service Provider Entity ID

    Enter the Entity ID of your Service Provider (available in the configuration of the IdP).

    For example, http://<host>:<port>/org.talend.administrator/ssologin in Okta and ADFS or <Connection ID> in PingFederate .

    IDP Authentication Plugin

    Select the Identity Provider from Okta, ADFS, ADFS3, ADFS4 PingFederate, Keycloak, SiteMinder, NetIQ and Custom plugin in the drop-down list.

    If Custom plugin is selected, a Upload IDP Authentication Plugin dialog box will be shown prompting you to upload the custom Identity Provider metadata file. If Keycloak is selected, follow step 5 of this link to enable Personal Access Token.

    The jar files provided by Talend are located in the <TomcatPath>/webapps/org.talend.administrator/idp/plugins directory.

    Identity Provider Configuration

    Click Identity Provider Configuration and fill out the required information.

    Example with PingFederate:
    • PingFederate SSO URL: https://win-350n8gtg2af:9031/idp/
    • Basic Adapter Instance ID: BasicAdapter
    Example with Okta:
    • Okta Organization URL:
    • Okta Embedded URL:
    Example with AD FS 2:
    • Adfs SSO URL: https://<host>/adfs/ls
    • Adfs Basic Auth Path: auth/basic
    • Adfs SP Entity Id: https://<host>:<port>/org.talend.administrator/ssologin
    Example with AD FS 3:
    • Adfs 3 SP Entity Id:https://<host>:<port>/org.talend.administrator/ssologin
    • Adfs 3 SSO Url: https://<host>/adfs/ls
    Example with AD FS 4:
    • Adfs 4 SP Entity Id: https://<host>:<port>/org.talend.administrator/ssologin
    • Adfs 4 SSO Url: https://<host>/adfs/ls
    Example with Keycloak:
    • Keycloak IDP initiated SSO URL: http://<host>:<port>/realms/myrealm/protocol/saml/clients/tac
    • Assertion Consumer Service POST Binding URL: https://localhost:8080/org.talend.administrator/ssologin

    Use Role Mapping

    Set the value to true to map the application project types and the user roles with those defined in the Identity Provider system.

    Mapping Configuration

    Click Mapping Configuration and fill in the fields with the corresponding SAML attributes previously set in the Identity Provider system.

    Once you have defined project types/roles at the Identity Provider side, you will not be able to edit them from Talend Administration Center.

    Examples for project types:

    Examples for roles:
    • Talend Administration Center Roles
      • Administrator = tac_admin
      • Operation Manager = tac_om

      Setting the Talend Administration Center roles is mandatory.

    • Talend Data Preparation Roles
      • Administrator = dp_admin
      • Data Preparator = dp_dp
    • Talend Data Stewardship Roles
      • Data Steward = tds_ds

    Role Mappings attributes: in case of a security identifiers list, you need to change the default value for SAML attribute name (tac.role) to tokenGroups.

    The project types and roles set in the Identity Provider override the roles set in Talend Administration Center at user login.

    Redirect URL on Logout In the Redirect URL on Logout field, enter the the URL of IDP you want to redirect browser to on logout from Talend Administration Center. If this field is empty, you will be redirected to the default location of Talend Administration Center on logout.
    If your organization does not accept custom attributes in the SAML token, either:
    • Select Show Advanced Configuration in the wizard and, in Path to Value, enter the XPath expression to target the SAML value to map to the corresponding Talend Administration Center object (Project Types, Roles, Email, First Name, Last Name).

      For instance, for DI project type: /saml2p:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='tac.projectType']/saml2:AttributeValue/text()

    • Set Use Role Mapping to false.

      In this case, you cannot create users manually, but the user type and the user roles can be edited in Talend Administration Center.

      When users log in for the first time, their type is No Project access.

  4. If no license or an invalid license is found during the series of checks, you are prompted to specify a license. Click Set new license.
  5. Click Browse to browse to your license file and click Upload.
    The license determines the types of users and projects you can manage in Talend Administration Center. For more information, see What domains can you work in depending on your user type and license.
  6. Upon validation of your license, Talend Administration Center runs a series of checks again, and displays the following options:
  7. Make sure all the settings are correct, then click Finalize.
    After finalizing the Database Configuration page, the option disappears form the login page. The Database Configuration page cannot be accessed anymore.
    If the license expires, you are redirected to the Database Configuration page by default, but only the license configuration option will be enabled.
    If some settings have to modified after finalization or to migrate external libraries, see Updating parameters after the configuration is finalized.
  8. Click Go to login page and type in the user credentials defined in your Identity Provider in the Login dialog box.
  9. Click Login.
    Talend Administration Center opens up on a welcome page.
    A pop-up window with a brief introduction to Talend Cloud is shown. If you are considering a move to Talend Cloud, click the link on the pop-up window for more information on the migration tools. Click Close to close the pop-up.

    The menus and menu items shown vary according to the edition of Talend Administration Center currently in use. They also vary according to your role.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!