
Provisioning and deprovisioning Talon.One users in Microsoft Entra ID

This tutorial describes how to set up provisioning and deprovisioning of Talon.One users with single sign-on (SSO) using Microsoft Entra ID.

User provisioning and deprovisioning with single sign-on allows administrators to manage user access across multiple service providers using a single identity provider, simplifying the user management process and enhancing security.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Microsoft Entra ID (formerly known as Azure AD). For more information about Microsoft Entra ID, see the Microsoft Entra integration documentation.

Prerequisites

Creating a Management API key in Talon.One

To enable Microsoft Entra ID to communicate with Talon.One, create a Management API key in Talon.One:

  1. On the leftmost menu, click Account > Tools > Management API keys.

  2. Click Create Key.

  3. In Key name, type a name to identify the key.

  4. In Key expiration date, select a date.

  5. In Allowed endpoints, type /v1/provisioning/scim/ and click Select all. This selects all five endpoints the key should give access to.

  6. Click Create Key.

  7. Copy and save the generated API key in a secure location.

    note

    You cannot display the API key after this step. If you lose the value, create a new API key.

Setting up provisioning in Microsoft Entra ID

The next step is to set up provisioning for the Talon.One application. To do this:

  1. In the Microsoft Entra admin center, in the Talon.One application, click Provisioning.
  2. Click Get started.
  3. For Provisioning mode, from the dropdown menu, select Automatic.
  4. In Tenant URL, type https://yourdeployment.talon.one/v1/provisioning/scim, replacing yourdeployment with your Talon.One base URL.
  5. In Secret Token, type apikey:{key}, replacing {key} with the API key you created in Talon.One.
  6. (Optional) To test your connection, click Test Connection.
  7. Click Save.

After provisioning is set up, on the Provisioning page, click Overview > Start provisioning.

Provisioning and deprovisioning of Talon.One users is immediately enabled in Microsoft Entra ID. You can change the provisioning status at any time.
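A pre-flight check for the Tenant URL and Secret Token entered in steps 4 and 5, added here as an example (it is not Talon.One's or Microsoft's code). It assumes deployments follow the `<name>.talon.one` host pattern shown above; the function names and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

SCIM_PATH = "/v1/provisioning/scim"  # path given in step 4
TOKEN_PREFIX = "apikey:"             # prefix given in step 5


def check_tenant_url(url):
    """Return a list of problems with the Tenant URL (empty list means OK)."""
    problems = []
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Assumption: deployments follow the page's <name>.talon.one pattern.
    if not host.endswith(".talon.one") or host.startswith("yourdeployment."):
        problems.append("host must be your own deployment under talon.one")
    if parts.path != SCIM_PATH:
        problems.append("path must be exactly " + SCIM_PATH)
    if parts.query or parts.fragment or "@" in parts.netloc:
        problems.append("no query string, fragment or embedded credentials")
    return problems


def check_secret_token(token):
    """Return a list of problems with the Secret Token (empty list means OK)."""
    problems = []
    if any(ch.isspace() for ch in token):
        problems.append("token contains whitespace")
    if not token.startswith(TOKEN_PREFIX):
        problems.append("token must start with " + TOKEN_PREFIX)
        return problems
    key = token[len(TOKEN_PREFIX):]
    if not key:
        problems.append("API key is missing after the prefix")
    elif "{" in key or "}" in key:
        problems.append("placeholder braces left in: paste the key without { }")
    return problems


def redact(token):
    """Form that is safe for a ticket or log: prefix kept, key hidden."""
    return (TOKEN_PREFIX if token.startswith(TOKEN_PREFIX) else "") + "<redacted>"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_tenant_url("https://acme.talon.one/v1/provisioning/scim"))
    print(check_secret_token("apikey:{key}"), redact("apikey:EXAMPLE0123"))
```

Use `redact()` whenever the token has to appear in a change ticket or log, since the key cannot be displayed again after creation.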

Managing Talon.One users in Microsoft Entra ID

After you've set up provisioning for the Talon.One application, you can invite and disable Talon.One users directly from Microsoft Entra ID.

Inviting Talon.One users

To invite a Talon.One user from Microsoft Entra ID:

  1. In the Microsoft Entra admin center, in the Talon.One application, go to Users and groups.
  2. Click Add user/group.
  3. Click None selected and select the user to invite to Talon.One.
  4. Click Select > Assign.

An invitation is sent to the user's email address with steps to sign in to Talon.One with their Microsoft Entra user account. Provisioning is performed in cycles, so this may take up to several hours.

tip

To immediately invite a user or group of users to Talon.One, use on-demand provisioning.

Disabling Talon.One users

To disable a Talon.One user from Microsoft Entra ID, follow the steps to unassign users from an application.

note

You can only disable, not delete, Talon.One users directly from Microsoft Entra ID.