Use System for Cross-domain Identity Management User Provisioning in a SAML SSO Environment
If you have Single Sign-On (SSO) based on SAML (Security Assertion Markup Language, see SAML SSO with GoodData), you can use System for Cross-domain Identity Management (SCIM) user provisioning.
With SCIM, you do not have to create and configure users in advance. SCIM creates users when their accounts are created in the Identity Provider application. When you create a user in your Identity Provider, a GoodData account is automatically created for them. The user can log in to the GoodData platform, but is not granted access to any GoodData workspace. The user’s details are provided as part of Identity Provider metadata.
Set Up SCIM User Provisioning
Steps:
- In the Identity Provider account, create and set up an application for SCIM. We recommend that you use SCIM Version 2.0.
- In the SCIM application, provide the connection details for integrating with your SCIM server:
  - Set the SCIM base URL to https://{your-subdomain-name}.on.gooddata.com/gdc/scim/v2. If your workspaces use whitelabeling, use your domain address. For example, https://example.com/gdc/scim/v2.
  - Provide the credentials of the user who is a domain admin for your GoodData domain.
- Enable user provisioning and set up attribute mapping. The GoodData platform supports the following attributes:
  - state is the state of the user on the GoodData platform (for example, active or deleted).
  - login is the user login; must follow the email format. Once assigned, the login attribute cannot be updated.
  - email is the user's contact email.
  - firstName is the user's first name.
  - lastName is the user's last name.
  - language is the language used in the embedded dashboards that the user can view.
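The following pre-flight check is an added example, not GoodData code. It builds the SCIM base URL in the form given above and tests a mapped user record against the attribute rules listed in the steps before the Identity Provider pushes it. The function names, the email pattern, the rule that a host without a dot is a subdomain name, and the sample records are assumptions made for illustration.

```python
import re

# The six attributes the page lists as supported by the GoodData platform.
SUPPORTED = {"state", "login", "email", "firstName", "lastName", "language"}
# Simple email-shape check (assumption: the platform's exact rule is not given on the page).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def scim_base_url(host):
    """Build the SCIM base URL from a subdomain name or a whitelabeled domain."""
    # Assumption: a value without a dot is a subdomain name, anything else a full domain.
    if "." not in host:
        host = f"{host}.on.gooddata.com"
    return f"https://{host}/gdc/scim/v2"


def check_user(mapped, existing=None):
    """Return a list of problems found in one mapped user record.

    mapped   -- attributes the Identity Provider would send (dict)
    existing -- attributes already provisioned for this user, if any
    """
    problems = []
    for name in sorted(set(mapped) - SUPPORTED):
        problems.append(f"unsupported attribute: {name}")
    login = mapped.get("login")
    if not login:
        # Assumption: every provisioned account needs a login.
        problems.append("login is missing")
    elif not EMAIL_RE.match(login):
        problems.append(f"login is not in email format: {login}")
    old_login = (existing or {}).get("login")
    if old_login and login and old_login != login:
        problems.append("login cannot be updated once assigned")
    return problems


if __name__ == "__main__":
    # Constructed sample records, not real accounts.
    current = {"login": "ana@example.com", "firstName": "Ana"}
    update = {"login": "ana.b@example.com", "firstName": "Ana", "department": "BI"}
    print(scim_base_url("acme"))
    print(check_user(update, existing=current))
```

Running the check against an export of the Identity Provider's mapped attributes before enabling provisioning surfaces mapping mistakes, such as a login mapped to a non-email username, before any accounts are created.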
If your Identity Provider supports user migration, you can also migrate GoodData users to your Identity Provider account.