Setting up single sign-on with Okta

This tutorial describes how to connect Talon.One to Okta to allow users to sign in to Talon.One directly from their Okta account using single sign-on (SSO).

Single sign-on allows users to access many service providers using a single username and password by relying on a single identity provider.

In this tutorial, the service provider is Talon.One, and the supported identity provider is Okta. For more information about Okta, see the Okta integration documentation.

important

Before you start, ensure you have read Setting up single sign-on to understand how it impacts your organization.

Prerequisites

important

Always keep one non-SSO admin user on the identity provider side.

  • You have an Okta account for your organization.
  • You have admin rights in Okta.
  • You have admin rights in Talon.One.

Configuring Okta as an identity provider

To connect Okta to Talon.One, create a new app in Okta:

  1. Open your Okta account and click Admin.
  2. Click Applications in the top menu, and click Create New App.
  3. Select the following values:
    • Platform: Web
    • Sign on method: SAML 2.0
  4. Click Create. The app's general settings page opens.
  5. Choose a name for the application, for example Talon.One, and click Next.
  6. In https://yourdeployment.talon.one/v1/saml_connections/1/saml_callback, replace yourdeployment with the subdomain of your Talon.One base URL, and paste the resulting URL in the following fields:
    • Single sign on URL
    • Audience URI (SP Entity ID)
  7. Click Next.
  8. Select I'm an Okta customer adding an internal app and click Finish.
  9. Click View Setup Instructions. The page displays the Identity Provider Single Sign-On URL, the Identity Provider Issuer, the X.509 Certificate, and the IDP metadata.

Keep this page open in your browser. The app is ready in Okta.

Configuring Talon.One for single sign-on

Let's use some of the information provided by Okta to configure Talon.One.

  1. In a different browser tab, sign in to Talon.One and click Account > Organization > Single Sign-On.

  2. Type a name in the Connection name field, for example, Okta.

  3. Select either Use a URL and a certificate or Use an identity provider (IdP) file.

  4. If you selected Use a URL and a certificate:

    • Copy the value of the Identity Provider Single Sign-On URL field provided by Okta and paste it into the Sign-on URL field.
    • Copy the value of the Identity Provider Issuer field provided by Okta and paste it into the Issuer URL field.
    • Copy the value of the X.509 Certificate field provided by Okta and paste it into the SSO certificate field.
  5. If you selected Use an identity provider (IdP) file:

    • In Okta, save the value of the Provide the following IDP metadata to your SP provider field to an XML file.
    • In Talon.One, click Choose XML and select the XML file you downloaded in the previous step.
  6. (Optional) Select the Enforce single sign-on checkbox to enforce single sign-on for all users of your organization.

    important

    Enforcing single sign-on is a permanent action. When single sign-on is enforced, users of your organization can sign in to Talon.One only with the domains specified in the setup.

    Enforce single sign-on only when you are sure that the setup is correct and signing in works as expected.

  7. Click Enable Single Sign-On.

You can now assign the Talon.One app to users in Okta to allow them to connect to Talon.One with their Okta account.
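The two configuration options in steps 4 and 5 carry the same information: the IdP metadata file contains the Identity Provider Single Sign-On URL, the Identity Provider Issuer and the X.509 Certificate that the URL-and-certificate option asks for. The following script, added here as an example and not part of Talon.One's or Okta's own tooling, pulls those three values out of a metadata XML and checks them before they are pasted into Talon.One, and builds the callback URL from step 6 of the Okta setup; the metadata sample and its org name, app id and certificate bytes are constructed placeholders.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like Okta's IDP metadata; org, app id and cert bytes are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkPLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>
        QUJDREVGR0hJSktMTU5PUFFS
        U1RVVldYWVo=
      </ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/exkPLACEHOLDER/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def talon_callback_url(deployment):
    """Callback URL pasted into Okta's 'Single sign on URL' and 'Audience URI' fields."""
    if "/" in deployment or "." in deployment:
        raise ValueError("pass only the subdomain, e.g. 'yourdeployment'")
    return f"https://{deployment}.talon.one/v1/saml_connections/1/saml_callback"

def parse_idp_metadata(xml_text):
    """Return the values Talon.One's 'Use a URL and a certificate' option asks for."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("not SAML 2.0 identity provider metadata")
    sso = idp.find("md:SingleSignOnService", NS)
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if sso is None or cert is None or not cert.text:
        raise ValueError("missing SingleSignOnService or signing certificate")
    sign_on_url = sso.get("Location", "")
    if not sign_on_url.startswith("https://"):
        raise ValueError(f"sign-on URL is not HTTPS: {sign_on_url}")
    cert_b64 = "".join(cert.text.split())  # Okta wraps the base64 over several lines
    try:
        base64.b64decode(cert_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("X509Certificate is not valid base64") from exc
    return {"sign_on_url": sign_on_url, "issuer_url": root.get("entityID"),
            "sso_certificate": cert_b64}
```

Run it against the XML saved in step 5 to get the three values for the Sign-on URL, Issuer URL and SSO certificate fields, or to confirm that a file from a colleague really is Okta IdP metadata before uploading it.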

Using single sign-on with Talon.One

To sign in to Talon.One directly from your Okta account:

  1. Open your Talon.One deployment.

  2. At the bottom of the Talon.One sign-in page, click Okta.

    note

    The single sign-on button name on the Talon.One sign-in page matches the Connection name that was entered while configuring Talon.One for single sign-on.

  3. On the Okta page you are redirected to, sign in to your Okta account.

After you sign in to your Okta account, you are redirected back to Talon.One.