Setting up single sign-on with Okta
This tutorial describes how to connect Talon.One to Okta to allow users to sign in to Talon.One directly from their Okta account using single sign-on (SSO).
Single sign-on allows users to access many service providers using a single username and password by relying on a single identity provider.
In this tutorial, the service provider is Talon.One, and the supported identity provider is Okta. For more information about Okta, see the Okta integration documentation.
Before you start, ensure you have read Setting up single sign-on to understand how it impacts your organization.
Prerequisites
- You have an Okta account for your organization.
- You have admin rights in Okta.
- You have admin rights in Talon.One.
Configuring Okta as an identity provider
To connect Okta to Talon.One, create a new app in Okta using some information from Talon.One.
Getting the Assertion Consumer Service (ACS) URL in Talon.One
- Sign in to Talon.One and click Account > Organization > Single Sign-On.
- Next to the Assertion Consumer Service (ACS) URL value, click Copy.
Creating a Talon.One app in Okta
- In a separate browser tab, open your Okta account and click Admin.
- Click Applications in the top menu, and click Create New App.
- Select the following values:
  - Platform: Web
  - Sign on method: SAML 2.0
- Click Create. The app's general settings page opens.
- Choose a name for the application, for example Talon.One, and click Next.
- Paste the Assertion Consumer Service (ACS) URL value you copied from Talon.One in the following fields:
  - Single sign on URL
  - Audience URI (SP Entity ID)
- Click Next.
- Select I'm an Okta customer adding an internal app and click Finish.
- Click View Setup Instructions. The page displays the Identity Provider Single Sign-On URL, the Identity Provider Issuer, the X.509 Certificate, and the IDP metadata.
Keep this page open in your browser. The app is ready in Okta.
Configuring Talon.One for single sign-on
Let's use some of the information provided by Okta to configure Talon.One. On the Single Sign-On page in Talon.One:
- Type a name in the Connection name field, for example, Okta.
- Select either Use a URL and a certificate or Use an identity provider (IdP) file.
- If you selected Use a URL and a certificate:
  - Copy the value of the Identity Provider Single Sign-On URL field provided by Okta and paste it into the Sign-on URL field.
  - Copy the value of the Identity Provider Issuer field provided by Okta and paste it into the Issuer URL field.
  - Copy the value of the X.509 Certificate field provided by Okta and paste it into the SSO certificate field.
- If you selected Use an identity provider (IdP) file:
  - In Okta, copy the contents of the Provide the following IDP metadata to your SP provider field and save them to an XML file.
  - In Talon.One, click Choose XML and select the XML file you saved in the previous step.
- (Optional) Select the Enforce single sign-on checkbox to enforce single sign-on for all users of your organization.
  Important: Enforcing single sign-on is a permanent action. When single sign-on is enforced, users of your organization can sign in to Talon.One only with the domains specified in the setup. Enforce single sign-on only when you are sure that the setup is correct and signing in works as expected.
- Click Enable Single Sign-On.
You can now assign the Talon.One app to users in Okta to allow them to connect to Talon.One with their Okta account.
Using single sign-on with Talon.One
To sign in to Talon.One directly from your Okta account:
- Open your Talon.One deployment.
- At the bottom of the Talon.One sign-in page, click Okta.
  Note: The single sign-on button name on the Talon.One sign-in page matches the Connection name that was entered while configuring Talon.One for single sign-on.
- On the Okta page you are redirected to, sign in to your Okta account.
After you sign in to your Okta account, you are redirected back to Talon.One.