Creating SP Connections - Cloud

Talend Cloud Single Sign-On (SSO) Configuration Guide

Version: Cloud
Language: English
Product: Talend Cloud
Module: Talend Management Console
Content: Administration and Monitoring > Managing users
Last publication date: 2024-03-05

Procedure

  1. Go to the Identity Provider tab.
  2. Under SP Connections, click Create New.
  3. On the Connection Type tab, leave the default connection template selected and click Next.
  4. On the Connection Options tab, leave the default option and click Next.
  5. On the Import Metadata tab, select None and click Next.
  6. On the General Info tab, fill in the Partner's Entity ID, Connection Name, and Base URL fields, then click Next.
    Use your Talend Cloud SSO URL for the Partner's Entity ID and Base URL fields. This URL has the form https://iam.<env>.cloud.talend.com/oidc/ssologin, where <env> is the name of your Cloud region, for example:
    • US data center: https://iam.us.cloud.talend.com/oidc/ssologin
    • EU data center: https://iam.eu.cloud.talend.com/oidc/ssologin
    • Asia-Pacific data center: https://iam.ap.cloud.talend.com/oidc/ssologin
    For further information about the available regions, see the Single sign-on configuration URL row of each region at Talend Cloud regions and URLs.
    When setting up SSO for multiple accounts (multiple tenants) on Talend Management Console, use their account IDs to define the unique entity ID of each account. For example, the entity ID for the AWS US region becomes https://iam.us.cloud.talend.com/oidc/ssologin/<your_account_ID>. Remember to perform the SSO setup individually for each tenant using their respective account IDs. This federates these tenants into a single SSO authentication system.
    Note: The account federation mentioned is exclusive to SSO authentication. The Talend Management Console objects, such as environments and workspaces, remain specific to each tenant and cannot be shared across tenancies.

    You can find the account ID on the Subscription page of your Talend Management Console.

    In this example, the Partner's Entity ID is https://iam.at.cloud.talend.com/oidc/ssologin, the Connection Name is TMCCLOUD, and the Base URL is https://iam.at.cloud.talend.com/oidc/ssologin. The Logging mode is Standard.
  7. On the Browser SSO tab, click Configure Browser SSO and configure the SSO.
    For instructions, see the dedicated section.
  8. After configuring the browser SSO, click Next.
  9. On the Credentials tab, click Configure Credentials and configure the credentials.
    For instructions, see the dedicated section.
  10. After configuring the credentials, click Next.
  11. On the Activation & Summary tab, select Active in the Connection Status field.
    Take note of the SSO Application Endpoint address.
  12. Verify the rest of the information, then click Save.
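
The URL rules from step 6, as an added example that is not part of the Talend documentation: a Python pre-flight check for the Partner's Entity ID and Base URL values before they are entered, so that a lookalike host, a missing account ID, or a reused entity ID is caught first. The function names, the region-label pattern, the placeholder account IDs, and the handling of the Base URL in the multi-tenant case (only its host and path prefix are checked) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: region labels are short lowercase tokens (the page shows us, eu, ap, at).
HOST_RE = re.compile(r"^iam\.[a-z0-9-]+\.cloud\.talend\.com$")
SSO_PATH = "/oidc/ssologin"

def parse_sso_url(url):
    """Return (host, account_id or None) for a well-formed SSO URL; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("expected https with no query string or fragment")
    # netloc != hostname catches ports, userinfo and mixed-case hosts.
    if parts.netloc != parts.hostname or not HOST_RE.match(parts.netloc):
        raise ValueError("host is not iam.<env>.cloud.talend.com")
    if parts.path == SSO_PATH:
        return parts.netloc, None
    account_id = parts.path[len(SSO_PATH) + 1:] if parts.path.startswith(SSO_PATH + "/") else ""
    if not account_id or "/" in account_id:
        raise ValueError("path must be /oidc/ssologin[/<account_ID>]")
    return parts.netloc, account_id

def check_connections(connections):
    """Return a list of problems found in the planned SP connections (empty means consistent)."""
    problems, seen = [], {}
    for conn in connections:
        name, entity_id = conn["name"], conn["entity_id"]
        try:
            host, account_id = parse_sso_url(entity_id)
            base_host, _ = parse_sso_url(conn["base_url"])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if base_host != host:
            problems.append(f"{name}: Base URL and Entity ID point at different regions")
        if len(connections) > 1 and account_id is None:
            problems.append(f"{name}: with several tenants the Entity ID needs an account ID")
        if entity_id in seen:
            problems.append(f"{name}: Entity ID already used by {seen[entity_id]}")
        seen.setdefault(entity_id, name)
    return problems

# Constructed sample: placeholder account IDs, and a lookalike host in the second Base URL.
SSO = "https://iam.us.cloud.talend.com/oidc/ssologin"
PLANNED = [
    {"name": "TENANT-A", "entity_id": SSO + "/ACCOUNT_ID_A", "base_url": SSO},
    {"name": "TENANT-B", "entity_id": SSO + "/ACCOUNT_ID_B",
     "base_url": "https://iam.us.cloud.talend.com.example.net/oidc/ssologin"},
]
if __name__ == "__main__":
    print("\n".join(check_connections(PLANNED)) or "planned connections are consistent")
```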