With the Single Sign-on (SSO) feature, you don’t need to maintain yet another password for accessing the GoodData platform. You can use your existing infrastructure for user management. You can also connect using the GoodData APIs to allow your users to log in to GoodData seamlessly.
The key point in understanding the SSO mechanism is that SSO resolves the login and redirect inside the GoodData platform. Other tasks such as user management within a single project are maintained by the classic user provisioning features.
SSO is a key component for embedding dashboards into your web applications. If you have defined an iframe to embed a dashboard, you should enable SSO so that the dashboard users do not get errors when trying to access the dashboard. The following picture shows the process:
When a user logs out, they are redirected to a special SSO logout page. Any white-labeling applied to the GoodData project is also applied to the SSO logout page.
If SSO login fails, the user is redirected to a special error page.
An SSO provider is a unique string used to identify the exact key / certificate on the GoodData side. A user account with the SSO provider can access a GoodData project without using a password. The user can use predefined
SSO providers, such as Salesforce. The SSO Provider parameter is used in the user provisioning API.
Supported SSO Types
GoodData supports the following types of SSO authentication:
- PGP-based authentication: The GoodData platform provides its own proprietary authentication mechanism based on PGP keys. For more information, see GoodData PGP Single Sign-On.
- SAML 2.0-based authentication: The GoodData platform provides an authentication mechanism based on SAML 2.0, IDP-initiated. For more information, see SAML SSO with GoodData.
- Salesforce authentication: For more information, see Configure Identity Provider with Salesforce.
- Okta authentication: For more information, see Setting up Okta Single Sign-On.
- Fluig authentication: For more information, see Setting up Fluig Single Sign-On.
- AD FS authentication: For more information, see Configuring Windows Server with AD FS for GoodData SAML SSO.