
Assigning Talon.One roles in Okta

This tutorial describes how to assign roles to and remove them from Talon.One users with single sign-on (SSO) using Okta.

This allows administrators to manage user access across multiple service providers using a single identity provider, thereby simplifying the user management process and enhancing security.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Okta. For more information about Okta, see the Okta integration documentation.

tip

You can also assign Talon.One roles using Microsoft Entra ID as your identity provider. For assistance, contact our support team.

Prerequisites

  • You have admin rights in Okta.
  • You have admin rights in Talon.One.
  • You have set up single sign-on with Okta in Talon.One.
  • You have created roles in Talon.One using a talon.one-role-name pattern for the role name. For example, talon.one-contributor or talon.one-customer-support.

Creating groups in Okta

In Okta, roles and permissions across applications are managed using groups. To set up access for Talon.One, you should create a group for each corresponding Talon.One role.

To create a group:

  1. In the Okta Admin Console, open Directory > Groups.
  2. Click Add group.
  3. In Name, enter the exact Talon.One role name for the group you are creating, for example, talon.one-contributor. This ensures that the group in Okta is mapped to the corresponding role in Talon.One.
  4. (Optional) In Description, enter a description for the group.
  5. Click Save.

important

To give users admin rights only in Talon.One, in Okta, create a group named talon.one-admin. Any users added to this group are automatically assigned the Admin role in Talon.One.

Creating a group attribute statement in Okta

A group attribute statement in Okta sends user details such as group assignments to Talon.One, so that users get the correct access when they sign in.

To create a group attribute statement:

  1. In the Okta Admin Console, open the application that is connected to Talon.One.
  2. In the General tab, in SAML Settings, click Edit.
  3. Click Configure SAML.
  4. In Group Attribute Statements, configure the following parameters:
    • In Name, enter talonOneRole.
    • For Name format, select Unspecified.
    • For Filter, select Starts with and enter talon.one.
  5. Click Next > Finish.
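
The Starts with filter passes every Okta group whose name begins with talon.one, so it is worth checking what a test user's assertion carries before rolling this out. The following is an added example, not code from Talon.One or Okta: it reads the talonOneRole attribute from a decoded SAML AttributeStatement and flags admin membership and group names that match the filter but are not roles you expect. The sample XML is constructed, and EXPECTED_ROLES is a hypothetical list to replace with the roles in your own account.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ATTRIBUTE_NAME = "talonOneRole"   # Name entered in Group Attribute Statements
GROUP_FILTER = "talon.one"        # value of the "Starts with" filter
ADMIN_GROUP = "talon.one-admin"   # group that grants the Admin role

# Assumption: the roles you created in Talon.One (hypothetical list).
EXPECTED_ROLES = {"talon.one-admin", "talon.one-contributor",
                  "talon.one-customer-support"}

# Constructed sample: AttributeStatement from a decoded test assertion.
SAMPLE_STATEMENT = f"""
<saml2:AttributeStatement xmlns:saml2="{SAML_NS}">
  <saml2:Attribute Name="talonOneRole"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue>talon.one-contributor</saml2:AttributeValue>
    <saml2:AttributeValue>talon.one-admin</saml2:AttributeValue>
    <saml2:AttributeValue>talon.one-sandbox-testers</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""

def extract_roles(statement_xml):
    """Return the group names carried in the talonOneRole attribute."""
    root = ET.fromstring(statement_xml)
    roles = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == ATTRIBUTE_NAME:
            for value in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
                roles.append((value.text or "").strip())
    return roles

def review_roles(roles):
    """Flag admin membership and groups the prefix filter let through
    that do not match a role you expect."""
    return {
        "grants_admin": ADMIN_GROUP in roles,
        "unexpected": sorted(r for r in roles if r not in EXPECTED_ROLES),
        "outside_filter": sorted(r for r in roles
                                 if not r.startswith(GROUP_FILTER)),
    }

if __name__ == "__main__":
    roles = extract_roles(SAMPLE_STATEMENT)
    print(roles)
    print(review_roles(roles))
```

Run it only on an assertion captured from your own test sign-in; it inspects the attribute values and does not verify the assertion's signature.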

Assigning user roles

After setting up the groups and attribute statement, you can assign Talon.One roles to users by adding them to the corresponding Okta groups.

important

Assigning roles to a user in Okta replaces any roles they already have in Talon.One after they sign in using SSO.

Assigning roles to a user

To assign one or more Talon.One roles to a user:

  1. In the Okta Admin Console, open Directory > People.
  2. Select the user you want to assign the roles to.
  3. In Groups, in the search bar, enter talon.one and select the groups you want to add the user to. Each group should correspond to a role in Talon.One.

Any changes to the assigned roles are applied when the user signs in to Talon.One with their Okta account.

Assigning a role to multiple users

To assign a Talon.One role to multiple users:

  1. In the Okta Admin Console, open Directory > Groups.
  2. Select the group you want to add users to. Each group should correspond to a role in Talon.One.
  3. Click Assign people.
  4. To the right of each user you want to add to the group, click +.

Any changes to the assigned roles are applied when the users sign in to Talon.One with their Okta account.

tip

You can also assign a role to multiple users from the Assignments tab of the Talon.One application in Okta.

Removing a role from a user

To remove a Talon.One role from a user, remove the user from the corresponding Okta group. For details, see the Okta documentation.