The GoodData platform has built-in support for integrating with Salesforce Single Sign-On (SSO). Your users can use their Salesforce logins to interact with your GoodData projects. This article outlines the data that you must gather and the configuration steps required to integrate with Salesforce SSO.
1. Log in to your Salesforce account, and add a new domain (for more information, see Salesforce user documentation).
2. Enable Salesforce as Identity Provider (for more information, see Salesforce user documentation).
3. Download the Identity Provider certificate, note the Issuer, and save both for later use.
4. Set up a new connected app:
   - Select Enable SAML.
   - Set Entity Id and ACS URL to
   - Select the Identity Provider that you created in Step 2.
5. Open the connected app details and look for SAML Login Information. Note the IdP-Initiated Login URL and save it for later use.
6. Set up connected app access for the profile: go to Setup -> Users -> Profiles, click Edit for the selected profile, click Connected apps, and select the app that you created in Step 4.
7. Send a request to GoodData Support to create an SSO provider. In the request:
   - Specify the scenario that you want to use: Service Provider-initiated (recommended) or Identity Provider-initiated.
   - Include the downloaded IdP certificate (see Step 3), the issuer name (see Step 3), the IdP-Initiated Login URL (see Step 5), and the name of the SSO provider that you want to use.

   Pick an SSO provider name that clearly identifies you. Include your domain name (if you are a white-labeled customer, include your top-level white-label domain name), and optionally include an `sf` prefix. If you do not provide the SSO provider name, we may use the value of the `entityID` keyword in the IdP certificate.

   The SSO provider name must be lowercase.
8. GoodData deploys your SSO provider to the production environment. You receive a unique SSO parameter to use in user provisioning.

   This parameter is named `SSOProvider` and is used in the API for managing users. Usually, it is the same as your SSO provider name.
9. Provision users with the provided `SSOProvider` parameter. Use the same login as the Salesforce username, and enable SSO auth mode for them.

   Only a domain administrator can create a user with the `ssoProvider` parameter specified or modify the `ssoProvider` parameter for an existing user.
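
A pre-submission check for the values that go into the request to GoodData Support, as an added example (not GoodData or Salesforce code). The field names, scenario labels, the HTTPS requirement, and all sample values are assumptions made for illustration; the SHA-256 fingerprint lets both sides confirm out of band that the certificate received is the one downloaded from Salesforce.

```python
import base64
import hashlib
import ssl
from urllib.parse import urlsplit

SCENARIOS = ("service-provider-initiated", "identity-provider-initiated")  # assumed labels


def cert_fingerprint(pem):
    """SHA-256 of the DER bytes, for confirming the certificate out of band."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())  # ValueError if PEM markers are missing
    return hashlib.sha256(der).hexdigest()


def check_request(req):
    """Return a list of problems in the support-request fields (empty list = OK)."""
    problems = []
    name, domain = req.get("provider_name", ""), req.get("domain", "").lower()
    if not name:
        problems.append("no provider name: the entityID value may be used instead")
    elif name != name.lower():
        problems.append("provider name must be lowercase")
    elif domain not in name:
        problems.append("provider name should include the domain name")
    if req.get("scenario") not in SCENARIOS:
        problems.append("scenario must be one of: " + ", ".join(SCENARIOS))
    if not req.get("issuer"):
        problems.append("issuer is missing")
    url = urlsplit(req.get("idp_login_url", ""))
    if url.scheme != "https" or not url.netloc:  # added check, not stated on the page
        problems.append("IdP-Initiated Login URL must be an https URL")
    try:
        cert_fingerprint(req.get("certificate_pem", ""))
    except ValueError:
        problems.append("certificate is not PEM encoded")
    return problems


# Constructed sample: the PEM body is placeholder bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed placeholder").decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE = {
    "provider_name": "sf.example.com", "domain": "example.com",
    "scenario": "service-provider-initiated",
    "issuer": "https://example.my.salesforce.com",
    "idp_login_url": "https://example.my.salesforce.com/idp/login?app=PLACEHOLDER",
    "certificate_pem": SAMPLE_PEM,
}
```

`check_request(SAMPLE)` returns an empty list; `cert_fingerprint` only hashes the decoded bytes and does not validate the certificate's contents or expiry.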