Using SSO to log in to Talend Administration Center - 7.3

Talend Administration Center User Guide
Version
7.3
Language
English
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Administration Center
Content
Administration and Monitoring
Last publication date
2024-02-20

Procedure

  1. On the Talend Administration Center, click Go to db config page.
  2. Type in the administrator password (admin by default) in the Database Configuration page and click OK.
    If you want to change the default password that allows you to change the database configuration (recommended), you have to edit the database.config.password parameter value in the configuration.properties file. For more information, see Change the default password used to configure the database.
    After the first connection, the node.identifier property is added in the configuration.properties file, identifying the Talend Administration Center instance connected to the database. The node ID is also shown at the bottom of the tree view of Talend Administration Center.
  3. Click the SSO node, configure it, then click Save to save your changes in the database:

    Field

    Value

    IDP metadata

    Click Launch Upload and upload the Identity Provider metadata file you have previously downloaded from the Identity Provider system.
    Service Provider Entity ID

    Enter the Entity ID of your Service Provider (available in the configuration of the IdP).

    For example, http://<host>:<port>/org.talend.administrator/ssologin in Okta and ADFS, or <Connection ID> in PingFederate.

    IDP Authentication Plugin

    Select the Identity Provider from Okta, ADFS, ADFS3, ADFS4 PingFederate, SiteMinder and Custom plugin in the drop-down list. If Custom plugin is selected, a Upload IDP Authentication Plugin dialog box will be shown prompting you to upload the custom Identity Provider metadata file.

    The jar files provided by Talend are located in the <TomcatPath>/webapps/org.talend.administrator/idp/plugins directory.

    Identity Provider Configuration

    Click Identity Provider Configuration and fill out the required information.

    Example with PingFederate:
    • PingFederate SSO URL: https://win-350n8gtg2af:9031/idp/startSSO.ping?PartnerSpld=TAC701
    • Basic Adapter Instance ID: BasicAdapter
    Example with Okta:
    • Okta Organization URL: https://dev-515956.okta.com
    • Okta Embedded URL: https://dev-515956.oktapreview.com/home/talenddev515956_talendadministrationcenter_1/0oacvlcac5j52hFhP0h7/alncvlmpk1VXbYAGu0h7
    Example with AD FS 2:
    • Adfs SSO URL: https://<host>/adfs/ls
    • Adfs Basic Auth Path: auth/basic
    • Adfs SP Entity Id: https://<host>:<port>/org.talend.administrator/ssologin
    Example with AD FS 3:
    • Adfs 3 SP Entity Id:https://&lt;host&gt;:&lt;port&gt;/org.talend.administrator/ssologin
    • Adfs 3 SSO Url: https://<host>/adfs/ls
    Example with AD FS 4:
    • Adfs 4 SP Entity Id: https://<host>:<port>/org.talend.administrator/ssologin
    • Adfs 4 SSO Url: https://<host>/adfs/ls

    Use Role Mapping

    Set the value to true to map the application project types and the user roles with those defined in the Identity Provider system.

    Mapping Configuration

    Click Mapping Configuration and fill in the fields with the corresponding SAML attributes previously set in the Identity Provider system.

    Once you have defined project types/roles at the Identity Provider side, you will not be able to edit them from Talend Administration Center.

    Examples for project types:

    • MDM=MDM; DI = DI; DQ=DQ; NPA=NPA
    Examples for roles:
    • Talend Administration Center Roles
      • Administrator = tac_admin
      • Operation Manager = tac_om

      Setting the Talend Administration Center roles is mandatory.

    • Talend Data Preparation Roles
      • Administrator = dp_admin
      • Data Preparator = dp_dp
    • Talend Data Stewardship Roles

      • Data Steward = tds_ds

    Role Mappings attributes: in case of a security identifiers list, you need to change the default value for SAML attribute name (tac.role) to tokenGroups.

    The project types and roles set in the Identity Provider override the roles set in Talend Administration Center at user login.
    Redirect URL on Logout In the Redirect URL on Logout field, enter the the URL of IDP you want to redirect browser to on logout from Talend Administration Center. If this field is empty, you will be redirected to the default location of Talend Administration Center on logout.
    If your organization does not accept custom attributes in the SAML token, either:
    • Select Show Advanced Configuration in the wizard and, in Path to Value, enter the XPath expression to target the SAML value to map to the corresponding Talend Administration Center object (Project Types, Roles, Email, First Name, Last Name).

      For instance, for DI project type: /saml2p:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='tac.projectType']/saml2:AttributeValue/text()

    • Set Use Role Mapping to false.

      In this case, you cannot create users manually, but the user type and the user roles can be edited in Talend Administration Center.

      When users log in for the first time, their type is No Project access.

  4. If no license or an invalid license is found during the series of checks, you are prompted to specify a license. Click Set new license.
  5. Click Browse to browse to your license file and click Upload.
    The license determines the types of users and projects you can manage in Talend Administration Center. For more information, see What domains can you work in depending on your user type and license.
  6. Upon validation of your license, Talend Administration Center runs a series of checks again, and displays the following options:
    • Set new license: allows you to set a new license by repeating the previous step.
    • Validate your license manually: allows you to validate the loaded license. For more information, see Generating a validation request.
    • Project Check: allows you to migrate existing projects to your new Talend Administration Center.
    • Transfer libraries: allows you to move external libraries stored on SVN (deprecated) or Nexus to the official Nexus repository where libraries are stored. For more information, see Migrating external libraries.
  7. Make sure all the settings are correct, then click Finalize.
    After finalizing the Database Configuration page, the option disappears form the login page. The Database Configuration page cannot be accessed anymore.
    If the license expires, you are redirected to the Database Configuration page by default, but only the license configuration option will be enabled.
    If some settings have to modified after finalization or to migrate external libraries, see Updating parameters after the configuration is finalized.
  8. Click Go to login page and type in the user credentials defined in your Identity Provider in the Login dialog box.
  9. Click Login.
    Talend Administration Center opens up on a welcome page.
    A pop-up window with a brief introduction to Talend Cloud is shown. If you are considering a move to Talend Cloud, click the link on the pop-up window for more information on the migration tools. Click Close to close the pop-up.

    The menus and menu items shown vary according to the edition of Talend Administration Center currently in use. They also vary according to your role.