Skip to main content

Setting up single sign-on with Google

This tutorial describes how to connect Talon.One to Google to allow users to sign in to Talon.One directly from their Google account using single sign-on (SSO).

Single sign-on allows users to access many service providers using a single username and password by relying on a single identity provider.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Google. For more information about Google, see the Google integration documentation.

important

Before you start, ensure you have read Setting up single sign-on to understand how it impacts your organization.

Prerequisites

Important

Always keep one non-SSO admin user on the identity provider side.

Creating a Talon.One app in Google

To connect Google to Talon.One, first create an app in Google:

  1. Sign in to your Google account.
  2. In the Admin console, open Menu > Apps > Web and mobile apps.
  3. Click Add app > Add custom SAML app.
  4. Choose a name for the app, for example Talon.One.
  5. Enter other app details if needed, then click Continue.

A Google Identity Provider details page opens. Keep this page open in your browser.

Configuring Talon.One for single sign-on

Let's use some of the information provided by Google to configure Talon.One.

  1. In a different browser tab, sign in to Talon.One and click Account > Organization > Single Sign-On.

  2. Type a name in the Connection name field, for example, Google.

  3. Select either Use a URL and a certificate or Use an identity provider (IdP) file.

  4. If you selected Use a URL and a certificate:

    • Copy the value of the SSO URL field provided by Google and paste it into the Sign-on URL field.
    • Copy the value of the Entity ID field provided by Google and paste it into the Issuer URL field.
    • Copy the value of the Certificate field provided by Google and paste it into the SSO certificate field.

  5. If you selected Use an identity provider (IdP) file:

    • In Google, download the IdP metadata file.
    • In Talon.One, click Choose XML and select the XML file you downloaded in the previous step.

  6. (Optional) Select the Enforce single sign-on checkbox to enforce single sign-on for all users of your organization.

    important

    Enforcing single sign-on is a permanent action. When single sign-on is enforced, users of your organization can sign in to Talon.One only with the domains specified in the setup.

    Enforce single sign-on only when you are sure that the setup is correct and signing in works as expected.

  7. Click Enable Single Sign-On.

Configuring Google as an identity provider

To finish setting up single sign-on for the Talon.One app in Google:

  1. On the Google Identity Provider details page, click Continue.
  2. Copy the value of the Assertion Consumer Service URL (ACS) field provided by Talon.One and paste it into the following fields:
    • ACS URL
    • Entity ID
  3. Select the Signed response checkbox to indicate that Talon.One requires the entire SAML authentication response to be signed.
  4. Click Continue > Finish.

You can now turn on the Talon.One app for all users of your organization to allow them to connect to Talon.One with their Google account.

Using single sign-on with Talon.One

To sign in to Talon.One directly from your Google account:

  1. Open your Talon.One deployment.

  2. At the bottom of the Talon.One sign-in page, click Google.

    note

    The single sign-on button name on the Talon.One sign-in page matches the Connection name that was entered while configuring Talon.One for single sign-on.

  3. On the Google page you are redirected to, sign in to your Google account.

After you sign in to your Google account, you are redirected back to Talon.One.