Setting up single sign-on with Microsoft Entra ID

This tutorial describes how to connect Talon.One to Microsoft Entra ID to allow users to sign in to Talon.One directly from their Microsoft Entra user account using single sign-on (SSO).

Single sign-on allows users to access many service providers using a single username and password by relying on a single identity provider.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Microsoft Entra ID (formerly known as Azure AD). For more information about Microsoft Entra ID, see the Microsoft Entra integration documentation.

important

Before you start, ensure you have read Setting up single sign-on to understand how it impacts your organization.

Prerequisites

important

Always keep one non-SSO admin user on the identity provider side.

  • You have a Microsoft Entra user account for your organization.
  • You have admin rights in Microsoft Entra ID.
  • You have admin rights in Talon.One.

Configuring Microsoft Entra ID as an identity provider

To connect Microsoft Entra ID to Talon.One, first create an enterprise application in Microsoft Entra ID:

  1. Sign in to the Microsoft Entra admin center with your Microsoft account.
  2. Go to Identity > Applications > Enterprise applications > All applications.
  3. Click New application > Create your own application.
  4. Choose a name for the application, for example Talon.One.
  5. Ensure Integrate any other application you don't find in the gallery (Non-gallery) is selected, and click Create. The application's overview page opens.

To set up single sign-on for the application in Microsoft Entra ID:

  1. In the Manage section of the left menu, select Single sign-on.
  2. To set up single sign-on with SAML, click SAML.
  3. In the Basic SAML Configuration section, click Edit.
  4. In https://yourdeployment.talon.one/v1/saml_connections/{connectionID}/saml_callback, replace yourdeployment so that the URL matches your Talon.One base URL, then paste the resulting URL into both of the following fields:
    • Identifier (Entity ID)
    • Reply URL (Assertion Consumer Service URL)
  5. Click Save.
  6. From the SAML Certificates section, download the Certificate (Base64) and the Federation Metadata XML files to have them on hand for the next step.

Keep this page open in your browser. The application is ready in Microsoft Entra ID.

Configuring Talon.One for single sign-on

Let's use some of the information provided by Microsoft Entra ID to configure Talon.One.

  1. In a different browser tab, sign in to Talon.One and click Account > Organization > Single Sign-On.

  2. Type a name in the Connection name field, for example, Microsoft Entra ID.

  3. Select either Use a URL and a certificate or Use an identity provider (IdP) file.

  4. If you selected Use a URL and a certificate:

    • Copy the value of the Login URL field provided by Microsoft Entra ID and paste it into the Sign-on URL field.
    • Copy the value of the Microsoft Entra Identifier field provided by Microsoft Entra ID and paste it into the Issuer URL field.
    • Open the downloaded certificate in a text editor and paste its content into the SSO certificate field.
  5. If you selected Use an identity provider (IdP) file, click Choose XML and select the XML file you downloaded.

  6. (Optional) Select the Enforce single sign-on checkbox to enforce single sign-on for all users of your organization.

    important

    Enforcing single sign-on is a permanent action. When single sign-on is enforced, users of your organization can sign in to Talon.One only with the domains specified in the setup.

    Enforce single sign-on only when you are sure that the setup is correct and signing in works as expected.

  7. Click Enable Single Sign-On.

You can now assign the Talon.One application to users in Microsoft Entra ID to allow them to connect to Talon.One with their Microsoft Entra user account.
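Before pasting values for the Use a URL and a certificate option, it is worth confirming that the Federation Metadata XML downloaded from Microsoft Entra ID carries the three values Talon.One asks for, and noting when the IdP signing certificate expires: once that certificate lapses, assertions stop validating, which matters most after single sign-on has been enforced. The script below is an added example, not part of this tutorial or of Talon.One's tooling. It assumes the standard SAML 2.0 metadata layout that Entra ID emits; the metadata document, tenant ID and deployment name in it are constructed placeholders, and the embedded certificate is a DER skeleton built inline that carries only the fields the parser walks, not a usable certificate.

```python
"""Added example: extract the Issuer URL, Sign-on URL and SSO certificate from
Entra ID federation metadata, build the Talon.One callback URL from the page's
template, and report when the IdP signing certificate expires.
All sample data below is constructed; the tenant ID and deployment name are placeholders."""
import base64
import textwrap
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


# --- minimal DER walker, just enough to reach the validity field of an X.509 cert ---
def _der_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _der_children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element inside a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = _der_tlv(buf, pos)
        yield tag, vstart, vend
        pos = vend


def cert_not_after(der):
    """notAfter of an X.509 certificate (v1 or v3) as an aware UTC datetime."""
    _, cert_start, _ = _der_tlv(der, 0)                  # Certificate ::= SEQUENCE
    _, tbs_start, tbs_end = _der_tlv(der, cert_start)    # tbsCertificate ::= SEQUENCE
    fields = list(_der_children(der, tbs_start, tbs_end))
    if fields[0][0] == 0xA0:                             # optional EXPLICIT [0] version
        fields = fields[1:]
    _, v_start, v_end = fields[3]                        # serial, sigAlg, issuer, validity
    tag, t_start, t_end = list(_der_children(der, v_start, v_end))[1]   # notAfter
    text = der[t_start:t_end].decode("ascii")
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime vs GeneralizedTime
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def parse_idp_metadata(xml_text):
    """Return the values the 'Use a URL and a certificate' option needs, plus cert expiry."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso_url = next(s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                   if s.get("Binding") == HTTP_REDIRECT)
    kd = next(k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use", "signing") == "signing")
    cert_b64 = "".join(kd.find(".//ds:X509Certificate", NS).text.split())
    pem = ("-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(cert_b64, 64))
           + "\n-----END CERTIFICATE-----\n")
    return {"issuer_url": root.get("entityID"),   # -> Issuer URL (Microsoft Entra Identifier)
            "sign_on_url": sso_url,               # -> Sign-on URL (Login URL)
            "sso_certificate": pem,               # -> SSO certificate field
            "cert_not_after": cert_not_after(base64.b64decode(cert_b64))}


def acs_url(deployment, connection_id):
    """Identifier / Reply URL from the tutorial's template; deployment is your own name."""
    return f"https://{deployment}.talon.one/v1/saml_connections/{connection_id}/saml_callback"


def check(metadata, today_iso, min_days=30):
    """Warnings to resolve before enforcing single sign-on (today_iso: 'YYYY-MM-DD')."""
    today = datetime.fromisoformat(today_iso).replace(tzinfo=timezone.utc)
    warnings = []
    if not metadata["sign_on_url"].startswith("https://"):
        warnings.append("Sign-on URL is not https")
    days_left = (metadata["cert_not_after"] - today).days
    if days_left < min_days:
        warnings.append(f"IdP signing certificate expires in {days_left} days")
    return warnings


# --- constructed sample input (placeholder tenant, skeleton certificate) ---
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _sample_cert_der(not_after=b"261231235959Z"):
    """DER skeleton with only the fields cert_not_after() walks; not a usable certificate."""
    sig_alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02"))                 # version v3
                     + _der(0x02, b"\x01")                           # serialNumber
                     + sig_alg                                        # signature
                     + _der(0x30, b"")                                # issuer (empty Name)
                     + _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, not_after))
                     + _der(0x30, b""))                               # subject (empty Name)
    return _der(0x30, tbs + sig_alg + _der(0x03, b"\x00"))


TENANT = "00000000-0000-0000-0000-000000000000"   # placeholder tenant ID, not a real one
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{base64.b64encode(_sample_cert_der()).decode()}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print("Issuer URL :", meta["issuer_url"])
    print("Sign-on URL:", meta["sign_on_url"])
    print("Reply URL  :", acs_url("yourdeployment", "{connectionID}"))
    print("Cert expiry:", meta["cert_not_after"].isoformat())
    print("Warnings   :", check(meta, "2026-12-20"))
```

On a real download, replace SAMPLE_METADATA with the file contents; the three extracted values map one-to-one onto the Issuer URL, Sign-on URL and SSO certificate fields described in step 4. Re-running check() on a schedule gives advance notice of the certificate rotation that Entra ID will eventually require, so the Talon.One connection can be updated before sign-in breaks.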

Using single sign-on with Talon.One

To sign in to Talon.One directly from your Microsoft Entra user account:

  1. Open your Talon.One deployment.

  2. At the bottom of the Talon.One sign-in page, click Microsoft Entra ID.

    note

    The single sign-on button name on the Talon.One sign-in page matches the Connection name that was entered while configuring Talon.One for single sign-on.

  3. On the Microsoft Entra ID page you are redirected to, sign in to your Microsoft Entra account.

After you sign in to your Microsoft Entra account, you are redirected back to Talon.One.