
Setting up Single Sign-On with Okta

Set up Single Sign-On (SSO) to allow users to access many service providers using a single username and password by relying on a single identity provider.

In this scenario, Talon.One is the service provider and the supported identity provider is Okta.

This procedure describes how to connect Talon.One to Okta to allow users to sign in directly from their Okta account. For more information about Okta, see their integration documentation.

Prerequisites

  • You have an Okta account for your company.
  • You have admin rights in Okta.
  • You have admin rights in Talon.One.

Configuring Okta as an identity provider

To connect Okta to Talon.One, create a new app in Okta:

  1. Open your Okta account and click Admin.
  2. Click Applications in the top menu, and click Create New App.
  3. Select the following values:
    • Platform: Web
    • Sign on method: SAML 2.0
  4. Click Create. The app's general settings page opens.
  5. Choose a name for the application, for example Talon.One, and click Next.
  6. In https://yourdeployment.talon.one/v1/saml_connections/1/saml_callback, replace yourdeployment so that the URL matches your Talon.One base URL, and paste the resulting URL into the following fields:
    • Single sign on URL
    • Audience URI (SP Entity ID)
  7. Click Next.
  8. Select I'm an Okta customer adding an internal app and click Finish.
  9. Click View Setup Instructions. The page displays the Identity Provider Single Sign-On URL, the Identity Provider Issuer, the X.509 Certificate, and the IDP metadata.

Keep this page open in your browser. The app is ready in Okta. Let's use some of the information provided by Okta to configure Talon.One.

Configuring Talon.One for SSO

  1. In a different browser tab, connect to your Talon.One portal and click Account > Organization > Single Sign-On.
  2. Type a name in the Connection name field, for example Okta.
  3. Select either Using a URL and a Certificate or Using an Identity Provider (IdP) file.
  4. If you selected Using a URL and a Certificate:
    • Copy the value of the Identity Provider Single Sign-On URL field provided by Okta and paste it in the Sign-On URL field.
    • Copy the value of the Identity Provider Issuer field provided by Okta and paste it in the Issuer URL field.
    • Copy the value of the X.509 Certificate field provided by Okta and paste it in the SSO certificate field.
  5. If you selected Using an Identity Provider (IdP) file:
    • Save the value of the Provide the following IDP metadata to your SP provider field provided by Okta to an XML file.
    • In Talon.One, click Choose XML and browse to the XML file.
  6. Check SSO enabled.
  7. Click Save.

You can now assign the Talon.One app to users in Okta to allow them to connect to Talon.One with their Okta account.

Using SSO with Talon.One

To sign in to Talon.One directly from your Okta account:

  1. Open your Talon.One portal.

  2. At the bottom of the Talon.One sign-in page, click Okta.

    Note

    The SSO button name on the Talon.One sign-in page matches the Connection name that was entered while configuring Talon.One for SSO.

  3. On the Okta page you are redirected to, sign in to your Okta account.

After you sign in to your Okta account, you are redirected back to Talon.One.

Note

After you sign in once using SSO, you cannot use your email and password to sign in to Talon.One anymore.

Important

Always keep one non-SSO admin user.

Refer to Assigning an application to user for more information.