Configuring Azure AD Single Sign-On - Cloud

Talend Cloud Single Sign-On (SSO) Configuration Guide


Procedure

  1. Go to the All applications view of Azure Active Directory on the Azure portal and select the application created earlier for Talend Cloud Management Console.
  2. Select Single sign-on.
  3. On the Select a single sign-on method dialog, select SAML.
  4. On the Set up Single Sign-On with SAML page, click the Edit icon in the Basic SAML Configuration section.
  5. In the Basic SAML Configuration section, specify an Identifier and a Reply URL, then select the Default check box next to the Identifier to set the Talend Cloud SSO URL as the default value.
    • Identifier (Entity ID): Talend Cloud SSO URL. For example:
      • AWS: https://iam.us.cloud.talend.com/oidc/ssologin
      • Azure: https://iam.us-west.cloud.talend.com/oidc/ssologin
      This identifier must be unique in your organization.

      When you need to set up SSO for multiple accounts (multiple tenants) on Talend Cloud Management Console, use their account IDs to define the unique entity ID of each account. For example, the entity ID for the AWS US region above becomes https://iam.us.cloud.talend.com/oidc/ssologin/<your_account_ID>.

      You can find the account ID on the Subscription page of your Talend Management Console.

    • Reply URL: Talend Cloud SSO URL. For example:
      • AWS: https://iam.us.cloud.talend.com/oidc/ssologin
      • Azure: https://iam.us-west.cloud.talend.com/oidc/ssologin

    Do not set the other parameters.

  6. Click Save.
  7. Edit the User Attributes & Claims to include the attributes required in Talend Cloud Management Console.

    Talend Cloud Management Console requires the following attributes:

    • emailaddress: enter user.mail
    • givenname: enter user.givenname
    • surname: enter user.surname
    • TalendCloudDomainName: enter mydomain.talend.com within double quotation marks, for example, "eval12345.talend.com". The value of the TalendCloudDomainName attribute is your Talend Cloud account name. You can find the account name in the Domain field of the Subscription page of your Talend Management Console.
  8. On the Set up Single Sign-On with SAML page, go to the SAML Signing Certificate section and download the Federation Metadata XML file.

    The downloaded metadata.xml file must specify a NameIDFormat. If this is not the case, add the following line to the file: <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

  9. Copy the Azure AD Identifier URL.
    You must provide this URL in Talend Cloud Management Console to enable SSO.
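
The NameIDFormat check from step 8 can be scripted so the metadata file is verified before it is uploaded. The following Python script is an added example, not part of the Talend documentation: the function names and the sample metadata are constructed, and it assumes the line belongs inside IDPSSODescriptor, ahead of SingleSignOnService, which is where the SAML 2.0 metadata schema places it.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed sample, not a real tenant's metadata.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/constructed/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def nameid_formats(xml_text):
    """Return the NameIDFormat values declared under IDPSSODescriptor."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    idp = ET.fromstring(xml_text).find(f".//{{{MD_NS}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor element found")
    return [(e.text or "").strip() for e in idp.findall(f"{{{MD_NS}}}NameIDFormat")]

def ensure_nameid_format(xml_text):
    """Return (text, changed); add the emailAddress NameIDFormat if none is declared."""
    if nameid_formats(xml_text):
        return xml_text, False
    # Patch the text rather than re-serializing, so the rest stays as downloaded.
    idp = re.search(r"<(?:[\w.-]+:)?IDPSSODescriptor\b", xml_text)
    sso = re.compile(r"<((?:[\w.-]+:)?)SingleSignOnService\b").search(xml_text, idp.end())
    if sso is None:
        raise ValueError("no SingleSignOnService to anchor the insert")
    p = sso.group(1)  # reuse the file's own prefix ("" or e.g. "md:")
    # The metadata schema orders NameIDFormat before SingleSignOnService.
    line = f"<{p}NameIDFormat>{EMAIL_FORMAT}</{p}NameIDFormat>\n    "
    patched = xml_text[:sso.start()] + line + xml_text[sso.start():]
    if nameid_formats(patched) != [EMAIL_FORMAT]:  # re-parse to confirm placement
        raise ValueError("insert did not land inside IDPSSODescriptor")
    return patched, True

if __name__ == "__main__":
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    text = path.read_text(encoding="utf-8-sig") if path else SAMPLE
    fixed, changed = ensure_nameid_format(text)
    print("NameIDFormat added" if changed else "NameIDFormat already present")
    if changed and path:
        path.write_text(fixed, encoding="utf-8")
```

Run it with the path to the downloaded metadata file as its only argument; a file that already declares a NameIDFormat is left untouched.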

What to do next

Before you can validate the configured application, you need to enable SSO from Talend Cloud Management Console using the URL you copied and the downloaded metadata file.