Provisioning and deprovisioning Talon.One users in Microsoft Entra ID
This tutorial describes how to set up provisioning and deprovisioning of Talon.One users with single sign-on (SSO) using Microsoft Entra ID.
User provisioning and deprovisioning with single sign-on allows administrators to manage user access across multiple service providers using a single identity provider, simplifying the user management process and enhancing security.
In this tutorial, the service provider is Talon.One, and the supported identity provider is Microsoft Entra ID (formerly known as Azure AD). For more information about Microsoft Entra ID, see the Microsoft Entra integration documentation.
Prerequisites
- You have set up single sign-on with Microsoft Entra ID in Talon.One.
- You have admin rights in Microsoft Entra ID.
- You have admin rights in Talon.One.
Creating a Management API key in Talon.One
To enable Microsoft Entra ID to communicate with Talon.One, create a Management API key in Talon.One:
- On the leftmost menu, click Account > Tools > Management API keys.
- Click Create Key.
- In Key name, type a name to identify the key.
- In Key expiration date, select a date.
- In Allowed endpoints, type /v1/provisioning/scim/ and click Select all. This selects all 5 endpoints the key should give access to.
- Click Create Key.
- Copy and save the generated API key in a secure location.
Note: You cannot display the API key after this step. If you lose the value, create a new API key.
Setting up provisioning in Microsoft Entra ID
The next step is to set up provisioning for the Talon.One application. To do this:
- In the Microsoft Entra admin center, in the Talon.One application, click Provisioning.
- Click Get started.
- For Provisioning mode, from the dropdown menu, select Automatic.
- In Tenant URL, type https://yourdeployment.talon.one/v1/provisioning/scim, replacing yourdeployment with your Talon.One base URL.
- In Secret Token, type apikey:{key}, replacing {key} with the API key you created in Talon.One.
- (Optional) To test your connection, click Test Connection.
- Click Save.
After provisioning is set up, on the Provisioning page, click Overview > Start provisioning.
Provisioning and deprovisioning of Talon.One users is immediately enabled in Microsoft Entra ID. You can change the provisioning status at any time.
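The Tenant URL and Secret Token from the steps above are easy to get subtly wrong when copied (placeholder left in, braces kept, stray whitespace, plain http). The following Python script is an added example, not part of the Talon.One or Microsoft documentation; it checks both values against the formats shown on this page, and the function names and the individual checks are assumptions derived only from those formats.

```python
from urllib.parse import urlsplit

SCIM_PATH = "/v1/provisioning/scim"  # Tenant URL path shown in the steps above
TOKEN_PREFIX = "apikey:"             # Secret Token prefix shown in the steps above


def check_tenant_url(url):
    """Return a list of problems with the Tenant URL; an empty list means OK."""
    problems = []
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("host is missing")
    elif parts.hostname.split(".")[0] == "yourdeployment":
        problems.append("placeholder host 'yourdeployment' was not replaced")
    if parts.username or parts.password:
        problems.append("credentials embedded in the URL")
    if parts.path != SCIM_PATH:
        problems.append("path differs from " + SCIM_PATH)
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    return problems


def check_secret_token(token):
    """Return problems with the Secret Token without ever echoing the key."""
    problems = []
    if any(ch.isspace() for ch in token):
        problems.append("whitespace in token (often picked up when copying)")
    if not token.startswith(TOKEN_PREFIX):
        problems.append("missing '" + TOKEN_PREFIX + "' prefix")
        return problems
    key = token[len(TOKEN_PREFIX):].strip()
    if not key:
        problems.append("no key after the prefix")
    elif "{" in key or "}" in key:
        problems.append("placeholder braces were left around the key")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real deployment.
    samples = [("https://yourdeployment.talon.one/v1/provisioning/scim/", "apikey:{EXAMPLE}"),
               ("https://acme.talon.one/v1/provisioning/scim", "apikey:EXAMPLE-KEY")]
    for url, token in samples:
        print(url, check_tenant_url(url), check_secret_token(token))
```

The checks report only the kind of problem found, so the output can be shared in a ticket without exposing the key.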
Managing Talon.One users in Microsoft Entra ID
After you've set up provisioning for the Talon.One application, you can invite and disable Talon.One users directly from Microsoft Entra ID.
Inviting Talon.One users
To invite a Talon.One user from Microsoft Entra ID:
- In the Microsoft Entra admin center, in the Talon.One application, go to Users and groups.
- Click Add user/group.
- Click None selected and select the user to invite to Talon.One.
- Click Select > Assign.
An invitation is sent to the user's email address with steps to sign in to Talon.One with their Microsoft Entra user account. Provisioning is performed in cycles, so this may take up to several hours.
To immediately invite a user or group of users to Talon.One, use on-demand provisioning.
Disabling Talon.One users
To disable a Talon.One user from Microsoft Entra ID, follow the steps to unassign users from an application.
You can only disable, not delete, Talon.One users directly from Microsoft Entra ID.