Page tree
Skip to end of metadata
Go to start of metadata

The GoodData platform has built-in support for integrating with Salesforce Single Sign On. With a minimum of effort, your users can be enabled to use their Salesforce logins to interact with your GoodData projects. This article outlines the data that you must gather and the configuration steps required to integrate with Salesforce SSO.

  • For more information on GoodData SSO and Single Sign On in general, see Single Sign-On.

Configuring an identity provider with Salesforce requires you to complete the following steps:

  1. Add a new domain at Salesforce Help.
  2. Set up your Identity Provider.
  3. Download the identity provider certificate and remark Issuer.
  4. Set up a new connected app:
    1. Select Enable SAML
    2. Set Entity Id and ACS URL to https://<GOODDATA_HOSTNAME>/gdc/account/samllogin where the hostname is secure.gooddata.com (or the hostname of your domain).
    3. Select the Identity provider created in step 2.
  5. Open connected app details and look for SAML Login Information, remark IdP-Initiated Login URL.
  6. Setup Connected app access for profile (Setup->Users->Profiles->click edit for selected profile->Connected apps->select app created in step 4)
  7. Send GoodData support (support@gooddata.com) request to create a new SSO provider. Include identity provider certificate (step 3), issuer name (step 3) and IdP-Initiated Login URL (step 4)
  8. Provision users with a ssoProvider created in step 7, use the same login as Salesforce username, enable SSO auth mode for them.
  9. User IdP-Initiated Login URL to log users into GoodData through Salesforce SAML identity provider.
  10. By default, users are redirected to GoodData portal, if you want to change the redirect URL, add the RelayState HTTP query param to login url. If you want to redirect user to GoodData embedded iframe tab in Salesforce, go to the tab in salesforce on your domain and select the URL including lid query parameter. Use this URL as RelayStateQuery paramameter:

    <IdP-Initiated Login URL>&RelayState=https://<YOUR SALESFORCE DOMAIN>/servlet/servlet.Integration?lid=<TAB ID>