Assigning Talon.One roles in Microsoft Entra ID
This tutorial describes how to assign roles to and remove them from Talon.One users with single sign-on (SSO) using Microsoft Entra ID.
This allows administrators to manage user access across multiple service providers using a single identity provider, thereby simplifying the user management process and enhancing security.
In this tutorial, the service provider is Talon.One, and the supported identity provider is Microsoft Entra ID. For more information, see the Microsoft Entra ID documentation.
Prerequisites
- You have admin rights in Microsoft Entra ID.
- You have admin rights in Talon.One.
- You have set up single sign-on with Microsoft Entra ID in Talon.One.
- You have created roles in Talon.One using a
talon.one-role-namepattern for the role name. For example,talon.one-contributorortalon.one-customer-support.
Creating a new claim in Microsoft Entra
Creating a new claim in Microsoft Entra ID sends details, such as group assignments, to Talon.One. This ensures that users get the correct access when they sign in.
To create a new claim:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- In Identity > Applications > Enterprise applications > All applications, select your Application name.
- In Single sign-on > SAML > Attributes & Claims > Edit, click Add new claim.
- From the Manage claim view, in Name, enter
talonOneProvisioningEnabled. - In Source, select Attribute.
- In Source attribute, enter
"true". - Click Save.
You can see the new claim in the Additional Claims list.
Creating a group claim in Microsoft Entra ID
Creating a group claim in Microsoft Entra ID sends details like group assignments to Talon.One, ensuring users get the correct access when they sign in.
To create a group claim:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- In Identity > Applications > Enterprise applications > All applications, select your Application name.
- In Single sign-on > SAML > Attributes & Claims > Edit, click Add a group claim.
- In Group Claims, configure the following parameters:
- Click Groups assigned to the application.
- In Source attribute, click Cloud-only group display names.
- In Advanced options, click Customize the name of the group claim.
- In Name, enter
talonOneRole. - Click Save.
Creating a group in Microsoft Entra ID
In Microsoft Entra ID, you can manage access roles and permissions across applications using groups. To set up access for Talon.One, create a group for each corresponding Talon.One role.
Make sure that you have assigned the applicable permissions when you created the roles in Talon.One.
To create a group in Microsoft Entra ID and assign it to a role in Talon.One:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- Click Identity > Groups > All groups.
- Click New group:
-
In Group type, click Security.
-
In Group name, enter the exact Talon.One role name for the group you are creating, for example,
talon.one-contributor. This ensures that the group in Microsoft Entra ID is assigned to the corresponding role in Talon.One.To grant users admin access in Talon.One, create a group with a name that contains
talon.one-admin. For example, all users assigned to a group namedtalon.one-admin-clienthave admin access. -
In Membership type, click Assigned.
-
(Optional) In Members, assign users to this role.
-
Click Create.
-
- Click Identity > Applications > Enterprise applications > All applications.
- Click the Application name.
- In Users and groups, click Add user/group.
- Click None Selected and select the new group you created.
- Click Select > Assign.
Viewing roles in Microsoft Entra ID
To view Talon.One roles and assigned users in Microsoft Entra ID:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- Click Identity > Groups > All groups.
- Select the group for which you want to see details.
- To view the members assigned to the group, click Members.
Managing roles in Microsoft Entra ID
- If you change the settings for a group or member in Microsoft Entra, log out of your Talon.One account and log back in to see the changes.
- Changes made to roles and users in your Talon.One account do not apply in Microsoft Entra.
- Each time you log in to Talon.One, the current groups and member settings in Microsoft Entra override any changes made to roles and users in Talon.One.
Editing a role
To edit a role from Microsoft Entra ID:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- Click Identity > Groups > All groups.
- Select the group for which you want to see details.
- Click Manage > Properties.
- You can update the Group name, Group description, or Membership type. Changing the Group name and Group description updates the corresponding Talon.One role.
Assigning users to a role
To add users to a role from Microsoft Entra ID:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- Click Identity > Groups > All groups.
- Select the group for which you want to see details.
- Click Manage > Members.
- Click Add members in the top menu.
- Select the users you want to add to the role.
- Click Select.
Removing users from a role
To remove users from a role in Microsoft Entra ID:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- Click Identity > Groups > All groups.
- Select the group for which you want to see details.
- Click Manage > Members.
- Select the user you want to remove from the role.
- In the top menu, click Remove.
Deleting roles in Microsoft Entra ID
To delete a Talon.One role from Microsoft Entra ID:
- In the Microsoft Entra admin center, open the application that connects to Talon.One.
- Click Identity > Groups > All groups.
- Select all the groups that you want to delete.
- In the top menu, click Delete.