Assigning Talon.One roles in Microsoft Entra ID

This tutorial describes how to assign roles to and remove them from Talon.One users with single sign-on (SSO) using Microsoft Entra ID.

This allows administrators to manage user access across multiple service providers using a single identity provider, thereby simplifying the user management process and enhancing security.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Microsoft Entra ID. For more information, see the Microsoft Entra ID documentation.

Prerequisites

Creating a new claim in Microsoft Entra

Creating a new claim in Microsoft Entra ID sends details, such as group assignments, to Talon.One. This ensures that users get the correct access when they sign in.

To create a new claim:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. In Identity > Applications > Enterprise applications > All applications, select your Application name.
  3. In Single sign-on > SAML > Attributes & Claims > Edit, click Add new claim.
  4. From the Manage claim view, in Name, enter talonOneProvisioningEnabled.
  5. In Source, select Attribute.
  6. In Source attribute, enter "true".
  7. Click Save.

You can see the new claim in the Additional Claims list.

Creating a group claim in Microsoft Entra ID

Creating a group claim in Microsoft Entra ID sends details like group assignments to Talon.One, ensuring users get the correct access when they sign in.

To create a group claim:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. In Identity > Applications > Enterprise applications > All applications, select your Application name.
  3. In Single sign-on > SAML > Attributes & Claims > Edit, click Add a group claim.
  4. In Group Claims, configure the following parameters:
    • Click Groups assigned to the application.
    • In Source attribute, click Cloud-only group display names.
    • In Advanced options, click Customize the name of the group claim.
    • In Name, enter talonOneRole.
    • Click Save.

Creating a group in Microsoft Entra ID

In Microsoft Entra ID, you can manage access roles and permissions across applications using groups. To set up access for Talon.One, create a group for each corresponding Talon.One role.

Important: Make sure that you have assigned the applicable permissions when you created the roles in Talon.One.

To create a group in Microsoft Entra ID and assign it to a role in Talon.One:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. Click Identity > Groups > All groups.
  3. Click New group:
    • In Group type, click Security.

    • In Group name, enter the exact Talon.One role name for the group you are creating, for example, talon.one-contributor. This ensures that the group in Microsoft Entra ID is assigned to the corresponding role in Talon.One.

      To grant users admin access in Talon.One, create a group with a name that contains talon.one-admin. For example, all users assigned to a group named talon.one-admin-client have admin access.

    • In Membership type, click Assigned.

    • (Optional) In Members, assign users to this role.

    • Click Create.

  4. Click Identity > Applications > Enterprise applications > All applications.
  5. Click the Application name.
  6. In Users and groups, click Add user/group.
  7. Click None Selected and select the new group you created.
  8. Click Select > Assign.
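
An added example (not part of the Talon.One documentation): one way to check a test sign-in after completing the claim and group steps above. It reads the two claims this tutorial configures, talonOneProvisioningEnabled and talonOneRole, from a constructed SAML AttributeStatement and flags any group name that contains talon.one-admin. The function names, the sample XML and the case-insensitive match are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ADMIN_MARKER = "talon.one-admin"  # substring rule stated in this tutorial

# Constructed sample: AttributeStatement from a test sign-in, as copied from a
# browser SAML tracer. Not real tenant data; the signature is not checked here.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="talonOneProvisioningEnabled">
    <saml:AttributeValue>true</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="talonOneRole">
    <saml:AttributeValue>talon.one-contributor</saml:AttributeValue>
    <saml:AttributeValue>legacy-talon.one-admin-client</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def read_claims(statement_xml):
    """Return {claim name: [values]} for every Attribute in the statement."""
    root = ET.fromstring(statement_xml)
    claims = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def audit_claims(claims, expected_roles):
    """Compare the emitted claims with the roles this user is meant to have."""
    roles = claims.get("talonOneRole", [])
    findings = []
    if claims.get("talonOneProvisioningEnabled") != ["true"]:
        findings.append("talonOneProvisioningEnabled is missing or not 'true'")
    if not roles:
        findings.append("no talonOneRole values: is the group assigned to the app?")
    for role in roles:
        if role not in expected_roles:
            findings.append(f"unexpected role group: {role}")
        # Assumption: match case-insensitively so the audit flags more, not less.
        if ADMIN_MARKER in role.lower() and role != ADMIN_MARKER:
            findings.append(f"admin via substring match: {role}")
    return findings

if __name__ == "__main__":
    claims = read_claims(SAMPLE_STATEMENT)
    for line in audit_claims(claims, expected_roles={"talon.one-contributor"}):
        print(line)
```

Because the group claim sends display names, renaming a group changes the value Talon.One receives, so rerun the check after any rename.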

Viewing roles in Microsoft Entra ID

To view Talon.One roles and assigned users in Microsoft Entra ID:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. Click Identity > Groups > All groups.
  3. Select the group for which you want to see details.
  4. To view the members assigned to the group, click Members.

Managing roles in Microsoft Entra ID

Editing a role

To edit a role from Microsoft Entra ID:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. Click Identity > Groups > All groups.
  3. Select the group for which you want to see details.
  4. Click Manage > Properties.
  5. You can update the Group name, Group description, or Membership type. Changing the Group name and Group description updates the corresponding Talon.One role.

Assigning users to a role

To add users to a role from Microsoft Entra ID:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. Click Identity > Groups > All groups.
  3. Select the group for which you want to see details.
  4. Click Manage > Members.
  5. Click Add members in the top menu.
  6. Select the users you want to add to the role.
  7. Click Select.

Removing users from a role

To remove users from a role in Microsoft Entra ID:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. Click Identity > Groups > All groups.
  3. Select the group for which you want to see details.
  4. Click Manage > Members.
  5. Select the user you want to remove from the role.
  6. In the top menu, click Remove.

Deleting roles in Microsoft Entra ID

To delete a Talon.One role from Microsoft Entra ID:

  1. In the Microsoft Entra admin center, open the application that connects to Talon.One.
  2. Click Identity > Groups > All groups.
  3. Select all the groups that you want to delete.
  4. In the top menu, click Delete.