Mapping roles between SSO and Talend Cloud
Issue a POST request at the /security/role-mappings endpoint to create this kind of role mapping.

Before you begin
- You have defined roles on your SSO platform, as explained in Create custom roles from the Azure documentation. When you configure Talend Cloud Management Console as an application in your SSO provider system, as explained in the following point, make sure to add these roles, separated with commas (for example, Developer,Administrator), to a CustomerRoles user attribute.
- You have configured your application in the Azure portal and enabled SSO from Talend Cloud Management Console. For further information, see Configuring SSO with Azure Active Directory.
- You have added the CustomerRoles attribute to User Attributes & Claims as explained in Configuring Azure AD Single Sign-On.
- The user or service account used to issue the API request must have the TMC_SSO_MANAGEMENT permission.
- Generate an access token:
  - For users, generate a personal access token. For further information, see Generating a Personal Access Token.
  - For service accounts, generate a service account token. For further information, see Generating a service account token. Once generated, a service account token expires after 30 minutes. If it expires, generate a new token using the POST method at the endpoint https://api.{env}.cloud.talend.com/security/oauth/token.
About this task
In this example, the customer roles to be mapped are Developer and Administrator. Note that these roles are for demonstration purposes only.
Procedure
- Issue the following API call to define the role mapping. The payload is a JSON array with one entry per SSO role, each listing the Talend Cloud roles it maps to:

  method: POST
  endpoint: https://api.<env>.cloud.talend.com/security/role-mappings
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer <your_personal_access_token_or_service_account_token>"
  }
  payload: [
    {
      "name": "Developer",
      "roles": [ "API Tester", "API Designer" ]
    },
    {
      "name": "Administrator",
      "roles": [ "Operator" ]
    }
  ]

  Regarding the Talend Cloud roles, you can access the predefined list of roles, add new roles, manage role permissions, and assign roles to users in Users & Security > Roles in Talend Cloud Management Console. For further information, see Managing roles.
Results
Once done, the roles you assign to users in your SSO system are synchronized with role assignments on Talend Cloud. In this example, a user with the SSO Developer role automatically obtains the API Tester and API Designer roles of Talend Cloud.
Note that for any given user, the roles assigned via this role mapping override those assigned via Just-in-time user provisioning, a classic user identity provisioning option provided in Talend Cloud Management Console.
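The following Python script is an added example, not part of the Talend documentation or the Talend Cloud product. It builds the role-mapping payload for the POST call in the procedure above, assembles the request with the bearer-token header, and resolves which Talend Cloud roles a user ends up with from the comma-separated CustomerRoles claim value, which is the synchronization result described under Results. The role names (Developer, Administrator, API Tester, API Designer, Operator) are the page's demonstration roles; the environment value "us" and the token are placeholders, and the request is assembled but not sent, so the script runs offline.

```python
import json
import urllib.request
from typing import Dict, List

# Role mapping for this example: SSO role name -> Talend Cloud roles.
# These are the page's demonstration roles, not a real tenant's configuration.
ROLE_MAPPING: Dict[str, List[str]] = {
    "Developer": ["API Tester", "API Designer"],
    "Administrator": ["Operator"],
}


def build_role_mapping_payload(mapping: Dict[str, List[str]]) -> List[dict]:
    """Build the JSON array the /security/role-mappings endpoint expects.

    Each entry pairs one SSO role name with the Talend Cloud roles it maps to.
    Empty names and empty role lists are rejected before anything is sent,
    so a mistyped mapping never reaches the API.
    """
    payload = []
    for sso_role, talend_roles in mapping.items():
        if not sso_role.strip():
            raise ValueError("SSO role name must not be empty")
        if not talend_roles:
            raise ValueError(f"no Talend Cloud roles given for {sso_role!r}")
        payload.append({"name": sso_role, "roles": list(talend_roles)})
    return payload


def build_request(env: str, token: str, payload: List[dict]) -> urllib.request.Request:
    """Assemble the POST request from the procedure (built here, not sent).

    env is the placeholder for the <env> part of the endpoint URL; token is the
    personal access token or service account token used as a bearer token.
    """
    url = f"https://api.{env}.cloud.talend.com/security/role-mappings"
    body = json.dumps(payload).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {token}",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def parse_customer_roles(attribute_value: str) -> List[str]:
    """Split the comma-separated CustomerRoles claim value into role names."""
    return [r.strip() for r in attribute_value.split(",") if r.strip()]


def effective_talend_roles(attribute_value: str, mapping: Dict[str, List[str]]) -> List[str]:
    """Resolve the Talend Cloud roles a user obtains from their SSO roles.

    SSO roles with no mapping entry contribute nothing; duplicate Talend roles
    are removed while preserving first-seen order.
    """
    resolved: List[str] = []
    for sso_role in parse_customer_roles(attribute_value):
        for talend_role in mapping.get(sso_role, []):
            if talend_role not in resolved:
                resolved.append(talend_role)
    return resolved


if __name__ == "__main__":
    payload = build_role_mapping_payload(ROLE_MAPPING)
    req = build_request("us", "<your_token>", payload)  # placeholder env and token
    print(req.get_method(), req.full_url)
    print(json.dumps(payload, indent=2))
    # Constructed claim value for a user who holds both demonstration roles.
    print(effective_talend_roles("Developer,Administrator", ROLE_MAPPING))
```

To actually send the request, pass the returned Request object to urllib.request.urlopen; keeping the send step separate from payload construction makes it easy to review the exact mapping before it is applied to the tenant, and the effective_talend_roles helper lets you check what a given claim value will grant before users sign in.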