Configuring Talend Administration Center SSO with Okta

Author: Talend Documentation Team
Version: 7.0
Products: Talend Cloud, Talend Data Services Platform, Talend Big Data, Talend Real-Time Big Data Platform, Talend Data Integration, Talend Data Fabric, Talend MDM Platform, Talend Big Data Platform, Talend ESB, Talend Data Management Platform
Task: Administration and Monitoring > Managing authorizations
Platform: Talend Administration Center

Add the Talend Administration Center application in Okta

Procedure

  1. Log in to your Okta organization.
  2. Click the Admin button.
  3. Click Add Applications, then click the Create New App button.
  4. Select SAML 2.0, then click Create.
  5. In the General Settings step, enter a name and description for your application, for example Talend Administration Center, then click Next.
  6. Fill in the SAML Settings:

    Field: Single sign on URL
    Value: http://<host>:<port>/<application_name>/ssologin
    Example: http://localhost:8080/org.talend.administrator/ssologin

    Field: Audience URI (SP Entity ID)
    Value: /ssologin

    Field: Name ID format
    Value: Select Email Address in the list.

    Field: Application username
    Value: Select Email in the list.

  7. Once you have created your application, download the Identity Provider metadata from the Sign On tab of your application.
  8. Click Next and Finish.

Define the user attributes of your application

Single Sign-On is only available for Talend Administration Center, but the user information of the related applications can be centralized in Okta.

Talend allows you to manage your application user roles and user project types, including roles of Talend Administration Center, Talend Data Preparation and Talend Data Stewardship users, outside of Talend Administration Center from Okta.

Note that once Single Sign-On is enabled, the user settings handled by the Identity Provider, such as user passwords, the project types to which users are assigned, or user roles, can no longer be managed from Talend Administration Center.

If you use the LDAP system to handle the SVN and Git credentials, these credentials must be edited through LDAP as Talend Administration Center will automatically retrieve the changes performed.

Procedure

  1. Select Directory > Profile Editor from the top menu.
  2. Open the user Profile corresponding to the Talend Administration Center application you have just created in Okta.
  3. In the Custom tab, click Add Attribute.
  4. Create the role attribute: In the Add Attribute window, enter the Display Name Attribute (TACRole for example), variable name (tacRole for example), and select string array in the Data type list, then click Add Attribute.
  5. Create the project type attribute: In the Add Attribute window, enter the Display Name Attribute (TACProjectType for example), variable name (tacProject for example), select string in the Data type list, define a field length (between 1 and 10 characters for example) then click Add Attribute.

Add the user attributes to your application

Procedure

  1. Select your existing application and click Edit in the SAML Settings of the General tab.
  2. In the Attribute Statements area, add four attributes tac.role, tac.projectType, firstName and lastName:

    Talend Administration Center attribute name: Talend Administration Center Role attribute
    SAML attribute name (Okta): tac.role
    Value: user.tacRole
    Attribute value in user profile: Any string of your choice that will map the value entered in Talend Administration Center SSO Configuration. Example:
      tac_admin (for a Talend Administration Center Administrator user)
      tac_om (for a Talend Administration Center Operation Manager user)
      dp_dm (for a Talend Administration Center Dataset Manager user)

    Talend Administration Center attribute name: Talend Administration Center Project attribute
    SAML attribute name (Okta): tac.projectType
    Value: user.tacProject
    Attribute value in user profile: One of DI (Data Integration), DQ (Data Management), MDM (Master Data Management) or NPA (No Project Access)

    Talend Administration Center attribute name: First Name (optional; if not set, the email address login will be used)
    SAML attribute name (Okta): firstName
    Value: user.firstName
    Attribute value in user profile: User first name

    Talend Administration Center attribute name: Last Name (optional; if not set, the email address login will be used)
    SAML attribute name (Okta): lastName
    Value: user.lastName
    Attribute value in user profile: User last name

Define the user information and assign the user to the application

Procedure

  1. Select Directory > People from the top menu.
  2. Select the user you want to edit then go to the Profile tab to edit this user.
  3. Set the desired role values (the same role and project type values will have to be used in the Talend Administration Center SSO configuration), and click Add Another to add several user roles.
    Do the same for the project type value (one of DI (Data Integration), DQ (Data Management), MDM (Master Data Management) or NPA (No Project Access)).
  4. Open the People tab in a new browser tab and click Assign to People.
  5. Enter the usernames and email addresses of the people you want to assign to the application.

Once your application and users are set in Okta, you need to link the Identity Provider to Talend Administration Center in order to retrieve the user information you have defined.