Configuring Talend Administration Center SSO with Okta - 7.2

Author: Talend Documentation Team
Version: 7.2
Products: Talend Big Data, Talend Big Data Platform, Talend Cloud, Talend Data Fabric, Talend Data Integration, Talend Data Management Platform, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Real-Time Big Data Platform
Task: Administration and Monitoring > Managing authorizations
Platform: Talend Administration Center

Add Talend Administration Center in Okta

This article explains how to configure Talend Administration Center in Single Sign-On (SSO) mode.

SSO is an authentication process that allows you to access multiple applications with one set of login credentials.

About this task

These steps show how to add SAML 2.0 in Okta.

Procedure

  1. Log in to your Okta organization.
  2. Click the Admin button.
  3. Click Add Applications, then click the Create New App button.
  4. Select SAML 2.0, then click Create.
  5. In the General Settings step, enter a name and description for your application, for example Talend Administration Center, then click Next.
  6. Fill in the SAML Settings:

    • Single sign on URL: http://<host>:<port>/<application_name>/ssologin
      Ex: http://localhost:8080/org.talend.administrator/ssologin
    • Audience URI (SP Entity ID): http://<host>:<port>/<application_name>/ssologin
      Ex: http://localhost:8080/org.talend.administrator/ssologin
    • Name ID format: Select Email Address in the list.
    • Application username: Select Email in the list.
    • Update application username on: Select Create and Update in the list.

  7. Click Show Advanced Settings and configure them according to your organization's security requirements.
  8. Click Next and Finish to open a Sign On page where you can download Identity Provider metadata.
  9. Right-click on the page and save this metadata file as metadata.xml.
    This file is needed later while configuring Talend Administration Center.

Define the user attributes of your application

SSO is only available for Talend Administration Center, but user information of the related applications can be centralized in Okta.

Talend allows you to manage your application user roles and user project types, including roles of Talend Administration Center, Talend Data Preparation and Talend Data Stewardship users, outside of Talend Administration Center from Okta.

Note that once Single Sign-On is enabled, the user settings handled by the Identity Provider, such as user passwords, the project types to which users are assigned, or user roles, can no longer be managed from Talend Administration Center.

If you use the LDAP system to handle the SVN and Git credentials, these credentials must be edited through LDAP as Talend Administration Center will automatically retrieve the changes performed.

Procedure

  1. From the Okta top menu, select Directory > Profile Editor.
  2. Open the user Profile corresponding to the Talend Administration Center application you have just created in Okta.
  3. In the Custom tab, click Add Attribute.
  4. Create the role attribute: In the Add Attribute window, enter the Display Name Attribute (TACRole for example), variable name (tacRole for example), and select string array in the Data type list, then click Add Attribute.
  5. Create the project type attribute: In the Add Attribute window, enter the Display Name Attribute (TACProjectType for example), variable name (tacProject for example), select string in the Data type list, define a field length (between 1 and 10 characters for example) then click Add Attribute.

Add the user attributes to your application

Procedure

  1. Select your existing application and click Edit in the SAML Settings of the General tab.
  2. In the Attribute Statements area, add the four attributes tac.role, tac.projectType, firstName and lastName:

    • Talend Administration Center Role attribute
        SAML attribute name (Okta): tac.role
        Value: user.tacRole
        Attribute value in user profile: Any string of your choice that maps to the value entered in the Talend Administration Center SSO configuration.
        Example:
          tac_admin (for a Talend Administration Center Administrator user)
          tac_om (for a Talend Administration Center Operation Manager user)
          dp_dm (for a Talend Administration Center Dataset Manager user)

    • Talend Administration Center Project attribute
        SAML attribute name (Okta): tac.projectType
        Value: user.tacProject
        Attribute value in user profile: One of DI (Data Integration), DQ (Data Management), MDM (Master Data Management) or NPA (No Project Access)

    • First Name (optional; if not set, the email address login will be used)
        SAML attribute name (Okta): firstName
        Value: user.firstName
        Attribute value in user profile: User first name

    • Last Name (optional; if not set, the email address login will be used)
        SAML attribute name (Okta): lastName
        Value: user.lastName
        Attribute value in user profile: User last name
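
A mismatch between these attribute names or values and the Talend Administration Center mapping is easy to miss, for instance sending the Okta profile variable tacRole instead of the SAML name tac.role. The check below is an added example, not part of the Talend documentation; the sample assertion is constructed, the function name is hypothetical, and the set of mapped roles assumes the example role strings from this page. It checks names and values only and does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PROJECT_TYPES = {"DI", "DQ", "MDM", "NPA"}  # values listed on this page
# Assumption: the role strings entered in the TAC SSO mapping (the page's examples).
MAPPED_ROLES = {"tac_admin", "tac_om", "dp_dm"}
# Okta profile names from the Profile Editor step; wrong if used as SAML names.
PROFILE_NAMES = {"tacRole", "tacProject", "TACRole", "TACProjectType"}

# Constructed sample: subject and attributes only, unsigned, for checking names.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="tac.role">
      <saml:AttributeValue>tac_admin</saml:AttributeValue>
      <saml:AttributeValue>tac_om</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="tac.projectType"><saml:AttributeValue>DI</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(assertion_xml, mapped_roles=MAPPED_ROLES):
    """Return a list of mismatches between an assertion and this page's settings."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or not in emailAddress format")
    roles = attrs.get("tac.role", [])
    if not roles:
        problems.append("tac.role is missing or empty")
    problems += [f"tac.role value {r!r} has no TAC mapping" for r in roles if r not in mapped_roles]
    projects = attrs.get("tac.projectType", [])
    if len(projects) != 1 or projects[0] not in PROJECT_TYPES:
        problems.append(f"tac.projectType must be one of {sorted(PROJECT_TYPES)}, got {projects}")
    for name in sorted(PROFILE_NAMES & set(attrs)):
        problems.append(f"{name!r} is an Okta profile name; the SAML name must be tac.role or tac.projectType")
    return problems
```

Pass your own set of role strings as `mapped_roles` so the check reflects the mapping actually entered in Talend Administration Center.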

Define the user information and assign the user to the application

Procedure

  1. From the Okta top menu, select Directory > People.
  2. Select the user you want to edit then go to the Profile tab.
    You can also add a new user and assign them the desired roles.
  3. Set the desired role values and click Add Another to add several user roles.
    Note: You must use the same role and project type values in Talend Administration Center SSO configuration.
    Do the same for the project type value (either DI (Data Integration), DQ (Data Management), MDM (Master Data Management) or NPA (No Project Access)).
  4. Open the People view in a new browser tab and click Assign to People.
  5. Enter the username(s) and email address(es) of the person or people you want to assign to the application.
    The assigned applications will be shown on the user applications page.
    Once your application and users are set in Okta, you need to link the Identity Provider to Talend Administration Center in order to retrieve the user information you have defined.

Configure Talend Administration Center

Procedure

  1. Log in to Talend Administration Center and open the Configuration page.
  2. Expand SSO and set Use SSO login to true.
  3. Click IDP metadata > Launch upload.
  4. Select the metadata.xml file you saved earlier and click on Upload.
  5. Enter the other parameters as below:

    • Service Provider Entity ID: http://<host>:<port>/<application_name>/ssologin
      Ex: http://localhost:8080/org.talend.administrator/ssologin
    • IDP Authentication Plugin: Okta
    • Identity Provider Configuration:
        • Okta Organization URL: Enter your Okta organization URL.
        • Okta embedded URL: To know the embedded URL of your account, navigate to the General tab and scroll down to the App Embed Link section. Copy the Embed link and paste it in the Okta embedded URL field, then click Save.
    • Use Role Mapping: true
    • Mapping Configuration: Fill in the TAC project types and Roles Mappings settings.

  6. To test the SSO for the newly created user, log in to this user's Okta account.
    Talend Administration Center is listed in the user's organization Okta portal and you can access it anytime by clicking the icon.

Manage the remote connection in Studio

Procedure

  1. Launch your Studio and click Manage Connections.
  2. Create a new Talend Administration Center remote connection.
  3. Click Check url to make sure your connection is successful then click OK.
    A list of all the projects you have access to is displayed.
  4. Click a project to log in to Studio.