Creating the Talend Cloud application in Okta
Procedure
- Log in to your administrator Okta account.
- Click Applications > Add Applications.
- Click Create New App.
- In the Create a New Application Integration window, select the Web and SAML 2.0 options, then click Create.
- On the General Settings page, enter a name for your application, then click Next.
- Fill in the SAML Settings (field: value):
  - Single sign on URL: https://iam.<env>.cloud.talend.com/oidc/ssologin, where <env> is the name of your Cloud region, for example:
    - AWS US: https://iam.us.cloud.talend.com/oidc/ssologin
    - AWS EMEA: https://iam.eu.cloud.talend.com/oidc/ssologin
    - AWS APAC: https://iam.ap.cloud.talend.com/oidc/ssologin
    - Azure: https://iam.us-west.cloud.talend.com/oidc/ssologin
    For further information about the available regions, see the Single sign-on configuration URL row of each region at Talend Cloud regions and URLs.
  - Audience URI (SP Entity ID): https://iam.<env>.cloud.talend.com/oidc/ssologin, where <env> is the name of your Cloud region, for example:
    - AWS US: https://iam.us.cloud.talend.com/oidc/ssologin
    - AWS EMEA: https://iam.eu.cloud.talend.com/oidc/ssologin
    - AWS APAC: https://iam.ap.cloud.talend.com/oidc/ssologin
    - Azure: https://iam.us-west.cloud.talend.com/oidc/ssologin
    When setting up SSO for multiple accounts (multiple tenants) on Talend Management Console, use their account IDs to define the unique entity ID of each account. For example, the entity ID for the AWS US region becomes https://iam.us.cloud.talend.com/oidc/ssologin/<your_account_ID>. Remember to perform the SSO setup individually for each tenant using their respective account IDs. This federates these tenants into a single SSO authentication system.
    Note: The account federation mentioned is exclusive to SSO authentication. The Talend Management Console objects, such as environments and workspaces, remain specific to each tenant and cannot be shared across tenancies.
    You can find the account ID on the Subscription page of your Talend Management Console.
  - Name ID format: Select EmailAddress from the drop-down list.
  - Application username: Select Okta username from the drop-down list.
- In the Attribute Statements area, add the following attributes (SAML attribute name: value):
  - given_name: user.firstName
  - family_name: user.lastName
  - TalendCloudDomainName: Domain name of your Talend Cloud account tenant.
    - If you have already logged in to Talend Cloud, find the name in the Domain field of the Subscription page of your Talend Management Console.
    - Otherwise, three options are available for you to find your domain. For more details, see Find domains.
  - email: user.email
  - middle_name: user.middleName
  - CustomerRoles: If you need to set up SCIM provisioning to synchronize users, groups, and roles between your SSO provider and Talend Cloud, you must add the CustomerRoles attribute and, in its value, separate roles with commas, for example, Developer,Administrator.
    - For further information about how to define these roles for Talend Cloud in Okta, see Role assignment in the Okta developer documentation.
    - For a step-by-step demonstration about how to set up SCIM provisioning, see Managing and synchronizing user identities across your third-party system and Talend Cloud.
- Click Next.
- On the Feedback page, select the I'm an Okta customer adding an internal app option.
- In the optional questions section, select the This is an internal app that we have created option.
- Click Finish.
- Click View Setup Instructions.
  A new tab opens in your browser, containing additional instructions.
- Copy the XML content under Optional and save it into an XML file.
Results
You will need the metadata file as well as the organization URL to complete the setup in Talend Cloud.
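
The following Python example, added here and not taken from the Talend or Okta documentation, checks a decoded SAML assertion from a test login against the values configured above: the region-specific audience (with the account ID for multi-tenant setups), the EmailAddress Name ID format, and the attribute names. The function names, the constructed sample assertion, and the choice to treat middle_name and CustomerRoles as optional are assumptions; it checks configuration only and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumption: these four are treated as mandatory; middle_name and CustomerRoles as optional.
REQUIRED = {"given_name", "family_name", "TalendCloudDomainName", "email"}

def expected_audience(env, account_id=None):
    """Entity ID from the SAML Settings; account_id only for multi-tenant setups."""
    base = f"https://iam.{env}.cloud.talend.com/oidc/ssologin"
    return f"{base}/{account_id}" if account_id else base

def check_assertion(xml_text, env, account_id=None):
    """Return configuration problems found in a decoded assertion (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    want = expected_audience(env, account_id)
    if want not in audiences:
        problems.append(f"audience {audiences} does not match {want}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in sorted(REQUIRED):
        if not attrs.get(name):
            problems.append(f"attribute {name} is missing or empty")
    roles = attrs.get("CustomerRoles")
    if roles is not None and any(not r.strip() for r in roles.split(",")):
        problems.append("CustomerRoles has an empty entry between commas")
    return problems

def sample_assertion(audience, attrs, name_id_format=EMAIL_FORMAT):
    """Build a constructed, unsigned assertion for exercising the checks."""
    items = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{name_id_format}">jane@example.com</saml:NameID></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{items}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    good = {"given_name": "Jane", "family_name": "Doe", "email": "jane@example.com",
            "TalendCloudDomainName": "example.domain", "CustomerRoles": "Developer,Administrator"}
    print(check_assertion(sample_assertion(expected_audience("us"), good), "us"))
```

An empty list means the assertion matches the settings from this procedure; each returned string names the field to revisit in the Okta application.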