Single Sign-On Overview

With the Single Sign-on (SSO) feature, users do not need to maintain another password to access the GoodData platform. You can use your existing infrastructure for user management. You can also connect using the GoodData APIs to allow your users to log in to GoodData seamlessly.

SSO resolves the login and redirects inside the GoodData platform. Other tasks such as user management within a single workspace are maintained by the classic user provisioning features.

SSO is a key component for embedding dashboards into your web applications. If you define an iframe to embed a dashboard, enable SSO so that the dashboard users do not get errors when trying to access the dashboard. The following picture shows the process:

When users log out, they are redirected to a special SSO logout page. Any white-labeling applied to the GoodData workspace is also applied to the SSO logout page.

If SSO login fails, the user is redirected to a special error page.

SSO Provider Parameter

The ssoProvider parameter is a unique string used to identify the exact key/certificate on the GoodData side. User accounts with the ssoProvider parameter set can access a GoodData workspace without using a password. Users can use predefined SSO providers, such as Salesforce or Okta. The ssoProvider parameter is used in the user provisioning API.

Supported SSO Types

GoodData supports the following types of SSO authentication: