Log in to Talend Administration Center.
From the Configuration page, expand the
If SSO has not been enabled yet, select true in the
Use SSO Login field.
Click Launch Upload in the IDP
metadata field and upload the Identity Provider (IdP) metadata
file you have previously downloaded from your Identity Provider system.
In the Service Provider Entity ID field, enter the
Entity ID of your Service Provider (available in the configuration of the
Click Launch Upload in the IDP Authentication
Plugin field and upload the Identity Provider metadata file you
have previously downloaded from the Identity Provider system.
The jar files provided by Talend are located in the
It is possible to rewrite the authentication code if necessary.
The Identity Provider System field changes
automatically depending on your Identity Provider system.
Click Identity Provider Configuration and fill out the
Set the Use Role Mapping field to
true to map the application project types and the
user roles with those defined in the Identity Provider system.
Once you have defined project types/roles at the Identity Provider side, you
cannot to edit them from Talend Administration Center.
Click Mapping Configuration and fill in the role/project
type fields with the corresponding SAML attributes previously set in the
Identity Provider system.
Project type examples:
- MDM = MDM
- DI = DI
- DM = DM
- NPA = NPA
Role Mappings attributes: in case of a security
identifiers list, you need to change the default value for SAML attribute name
(tac.role) to tokenGroups.
The project types and roles set in the Identity Provider override the roles set in
Talend Administration Center
at user login.
If your organization does not accept custom attributes in the SAML token,
Select Show Advanced Configuration in the wizard
and, in Path to Value, enter the XPath expression
to target the SAML value to map to the corresponding Talend Administration Center object
(Project Types, Roles,
Email, First Name,
Set Use Role Mapping to
In this case, you cannot create users manually, but the user type and
the user roles can be edited in Talend Administration Center.
When users log in for the first time, their type is No
The default login timeout is set to 120 seconds, which you can change by
adding the sso.config.clientLoginTimeout parameter with
the desired timeout to the
You are able to log in to Talend Administration Center through your Identity Provider.