Page tree
Skip to end of metadata
Go to start of metadata

This SSO implementation is based on SAML (Security Assertion Markup Language) and allows your application to sign in an existing GoodData user. The authentication is done not by username and password, but by exchanging authentication and authorization data between the parties.

GoodData supports SAML Identity Provider-initiated scenario only:


Configure the following settings:

SAML version2.0 (version 1.0 and 1.1 are not supported)
Post back URL (destination)
(a URL where the SAML response and assertion is consumed). For a white-labeled instance, use your hostname instead.
(a URL of the assertion consumer). For a white-labeled instance, use your hostname instead.
Audience restrictionGoodData
Name ID formatEmailAddress
Sign responseYes
Sign assertionYes (default) / No (let us know if you are not able to sign the assertion)
Encrypt responseNo
SSO Init typeIdentity Provider-initiated
RelayStateThe URL in GoodData where the user is redirected after a successful login

For an example of the SAML message consumed by the GoodData side, click here.