Setting up Okta Single Sign-On

Okta is a third-party authentication service that enables users to be automatically logged in to GoodData seamlessly. When you implement Okta in your GoodData domain, users of your workspaces can access GoodData without using GoodData-specific credentials.

For more information on Okta, see For more information on GoodData and SSO, see Single Sign-On Overview.

GoodData uses the SAML protocol for exchanging information with Okta.

This article provides instructions for configuring Okta authentication for your GoodData domain.

Configure SSO


  1. Go to your Okta account, and create a new application for GoodData. When prompted to select the application type, select SAML 2.0.

  2. Navigate to the SAML 2.0 SSO setup instructions for your application, and do the following:

    1. Download the public certificate.
    2. Copy the URLs for the external key and redirect login.
  3. Determine which SSO scenario you are configuring and follow the relevant instructions:

This completes the configuration process. You can now start provision users.

Embedding Options

You can enable Okta SSO for embedded dashboards.

In the Identity Provider-initiated scenario, when Okta SSO setup is complete, Okta displays a URI to authenticate and redirect you to the RelayState URI, which you have specified when configuring the Okta SAML 2.0 application. By default, the Okta application authenticates and redirects you to your GoodData dashboard.

To set up a redirect to an embedded dashboard instead, use the redirect login URL as a redirect URI in the iframe embedded in your web application. You can find it in the OKTA user interface.

Your iframe can look similar to the following:

<iframe frameborder="0" src="{your_redirect_uri_defined_in_okta}" width="100%" height="790px"></iframe>

Now, Okta authenticates you, and the dashboard defined by the RelayState URI is displayed.