
Provisioning and deprovisioning Talon.One users in Okta

This tutorial describes how to set up provisioning and deprovisioning of Talon.One users with single sign-on (SSO) using Okta.

User provisioning and deprovisioning with single sign-on allows administrators to manage user access across multiple service providers using a single identity provider, simplifying the user management process and enhancing security.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Okta. For more information about Okta, see the Okta integration documentation.

Prerequisites

Creating a Management API key in Talon.One

To enable Okta to communicate with Talon.One, create a Management API key in Talon.One:

  1. On the leftmost menu, click Account > Tools > Management API keys.

  2. Click Create Key.

  3. In Key name, type a name to identify the key.

  4. In Key expiration date, select a date.

  5. In Allowed endpoints, select the /v1/provisioning/okta endpoint.

  6. Click Create Key.

  7. Copy and save the generated API key in a secure location.

    Note: You cannot display the API key after this step. If you lose the value, create a new API key.

Creating an event hook in Okta

Creating an event hook in Okta allows Talon.One to receive updates about user status changes.

To create an event hook:

  1. In the Okta Admin Console, go to Workflow > Event Hooks.
  2. Click Create Event Hook.
  3. In Name, enter a descriptive name for the event hook.
  4. In URL, enter https://yourdeployment.talon.one/v1/provisioning/okta, replacing yourdeployment to match your Talon.One base URL.
  5. In Authentication field, type Authorization.
  6. In Authentication secret, type ManagementKey-v1 {key}, replacing {key} with the API key you created in Talon.One.
  7. In Subscribe to events, select the following events:
    • User deleted
    • User deactivated
    • User assigned to app
    • User unassigned from app
  8. Click Save & Continue.
  9. In the Verify Endpoint Ownership window, click Verify.

Setting up event hook filters in Okta

Event hook filters ensure that only relevant events trigger the event hook. Without the filters for the Talon.One application, users added to other applications in Okta will also be mistakenly added to Talon.One.

Prerequisites

  • In a separate browser tab, you have opened the system log of the Talon.One application.
  • In Settings > Features, you have enabled the Event Hook Filtering feature.

Setting up the event hook filters

To set up the event hook filters for the Talon.One application:

  1. In the Okta Admin Console, in Workflow > Event Hooks, open the event hook you created.
  2. In the Filters tab, click Edit.
  3. In User unassigned from app, click Apply filter and configure the following parameters:
    • For Field, from the dropdown, select target.id.
    • For Operator, ensure eq is selected.
    • For Value, copy and paste the target.id value (without the quotes) from the Talon.One application system log.
  4. Click Add Another and configure the following parameters:
    • For Field, from the dropdown, select target.type.
    • For Operator, ensure eq is selected.
    • For Value, copy and paste the target.type value (without the quotes) from the Talon.One application system log.
  5. Repeat the previous two steps for the User assigned to app filter.
  6. Click Save.
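
To check what the two filter conditions let through before relying on them, the following added example (not from the Talon.One or Okta documentation) models the filter in Python over constructed events. The app ids, user names, and the mapping of the UI event names to Okta System Log event types are assumptions, as is the rule that both conditions must match the same target entry.

```python
# Model of the event hook filter described above, run over constructed events.
# All ids and user names are placeholders, not values from a real Okta org.
TALON_APP = {"id": "0oaEXAMPLETALON", "type": "AppInstance"}  # from the app's system log
OTHER_APP = {"id": "0oaEXAMPLEOTHER", "type": "AppInstance"}

ASSIGN = "application.user_membership.add"       # assumed: "User assigned to app"
UNASSIGN = "application.user_membership.remove"  # assumed: "User unassigned from app"
DEACTIVATE = "user.lifecycle.deactivate"         # assumed: "User deactivated"

# The tutorial's filter: target.id eq <id> AND target.type eq <type>, on both app events.
FILTERS = {ASSIGN: TALON_APP, UNASSIGN: TALON_APP}

def event(event_type, user, app=None):
    """Build a constructed event with an Okta-style target list."""
    target = [{"id": "00u-" + user, "type": "User", "alternateId": user}]
    if app:
        target.append(dict(app))
    return {"eventType": event_type, "target": target}

def delivered(evt, filters):
    """True if the hook would forward evt; events without a filter always pass."""
    cond = filters.get(evt["eventType"])
    if cond is None:
        return True
    # Assumption: both conditions must hold for the same target entry.
    return any(all(t.get(k) == v for k, v in cond.items()) for t in evt["target"])

def forwarded_users(events, filters):
    """Return (eventType, user) pairs that would reach /v1/provisioning/okta."""
    return [(e["eventType"], e["target"][0]["alternateId"])
            for e in events if delivered(e, filters)]

SAMPLE = [
    event(ASSIGN, "alice@example.com", TALON_APP),
    event(ASSIGN, "bob@example.com", OTHER_APP),     # assigned to a different app
    event(UNASSIGN, "carol@example.com", OTHER_APP),
    event(DEACTIVATE, "dave@example.com"),           # no filter on this event
]

if __name__ == "__main__":
    print("no filters:  ", forwarded_users(SAMPLE, {}))
    print("with filters:", forwarded_users(SAMPLE, FILTERS))
```

With no filters, the assignment of bob@example.com to the other application is forwarded as well, which is the unintended provisioning the filters prevent.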

Managing Talon.One users in Okta

After you've created the event hook and set up the filters for the Talon.One application, you can invite, disable, and delete Talon.One users directly from Okta.

Inviting Talon.One users

To invite a Talon.One user from Okta:

  1. In the Okta Admin Console, in the Talon.One application, click Assign > Assign to People.
  2. To the right of the user you want to invite, click Assign.
  3. In Username, type the name of the user you want displayed in Talon.One.
  4. Click Save & Go Back.

An invitation is sent to the user's email address with steps to sign in to Talon.One with their Okta account.

Disabling and deleting Talon.One users