Mapping roles between SSO and Talend Cloud
Before you begin
- You have defined roles on your SSO platform, as explained in the documentation of your SSO provider, for example:
  - https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps for Azure
  - https://developer.okta.com/docs/concepts/role-assignment/ for Okta
  When you configure Talend Management Console as an application in your SSO provider system, as explained in the following point, make sure that you add these roles, separated with commas, for example, Developer,Administrator, to a CustomerRoles user attribute.
- You have configured your application in the system of your SSO provider and enabled SSO from Talend Management Console. For example:
  - see Configuring SSO with Azure Active Directory for Azure
  - see Configuring SSO with Okta for Okta
- The user or service account to be used to issue the API request must have the TMC_SSO_MANAGEMENT permission.
- Generate access tokens:
  - For users, generate a personal access token by following Generating a Personal Access Token.
  - For service accounts, generate a service access token by following Generating a service account token.
    Once generated, a service account token expires after 30 minutes. If it expires, generate a new token using the POST method at the endpoint https://api.<env>.cloud.talend.com/security/oauth/token. For more information about generating a token, see Generating a service account token.
About this task
Procedure
Example
method: POST
endpoint: https://api.<env>.cloud.talend.com/security/role-mappings
headers: {
  "Content-Type": "application/json",
  "Authorization": "Bearer <your_personal_access_token_or_service_account_token>"
}
payload: {
  [
    {
      "name":"Developer",
      "roles":[
        "API Tester",
        "API Designer"
      ]
    },
    {
      "name":"Administrator",
      "roles":[
        "Operator"
      ]
    }
  ]
}
Regarding the Talend Cloud roles, you can access the predefined list of roles, add new roles, manage role permissions, and assign roles to users in Talend Management Console. For further information, see Managing Roles.
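The following pre-flight check is an added example, not taken from the Talend documentation: it compares the names in a CustomerRoles value with the mapping entries and builds the POST request without sending it. It assumes that the request body is the JSON array shown in the payload above and that names must match exactly; the environment variable names TALEND_ENV and TALEND_TOKEN are hypothetical.

```python
import json
import os
import urllib.request

# Mapping from the page's example payload: SSO role name -> Talend Cloud roles.
PAGE_MAPPINGS = [
    {"name": "Developer", "roles": ["API Tester", "API Designer"]},
    {"name": "Administrator", "roles": ["Operator"]},
]

def parse_customer_roles(attribute_value):
    """Split a CustomerRoles value such as 'Developer,Administrator'."""
    return [r.strip() for r in attribute_value.split(",") if r.strip()]

def check_mappings(customer_roles, mappings):
    """Return the problems to resolve before the mapping is submitted."""
    problems = []
    names = [m["name"] for m in mappings]
    for m in mappings:
        if not m["roles"]:
            problems.append(f"mapping with no Talend Cloud roles: {m['name']}")
    # Assumption: names must match exactly, including case.
    for role in customer_roles:
        if role not in names:
            problems.append(f"SSO role without a mapping: {role}")
    for name in names:
        if name not in customer_roles:
            problems.append(f"mapping for a role not in CustomerRoles: {name}")
    return problems

def build_request(env, token, mappings):
    """Build the POST request without sending it."""
    return urllib.request.Request(
        f"https://api.{env}.cloud.talend.com/security/role-mappings",
        data=json.dumps(mappings).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
        method="POST",
    )

if __name__ == "__main__":
    sso_roles = parse_customer_roles("Developer,Administrator")  # constructed
    issues = check_mappings(sso_roles, PAGE_MAPPINGS)
    if issues:
        raise SystemExit("\n".join(issues))
    # Hypothetical variable names; the token is read from the environment.
    req = build_request(os.environ.get("TALEND_ENV", "<env>"),
                        os.environ.get("TALEND_TOKEN", "<token>"), PAGE_MAPPINGS)
    print(req.get_method(), req.full_url)
```

Reading the token from the environment keeps it out of the script and out of version control.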
Results
Note that for any given user, the roles assigned using this role mapping override those assigned using Just-in-time user provisioning, a classic user identity provisioning option provided in Talend Management Console.