Configure Identity Provider with Salesforce
The GoodData platform has built-in support for integrating with Salesforce Single Sign-On (SSO). Your users can use their Salesforce logins to interact with your GoodData projects. This article outlines the data that you must gather and the configuration steps required to integrate with Salesforce SSO.
For more information on GoodData SSO and SSO in general, see Single Sign-On Overview and SAML SSO with GoodData.
Steps:
- Log in to your Salesforce account, and add a new domain (for more information, see Salesforce user documentation).
- Enable Salesforce as Identity Provider (for more information, see Salesforce user documentation).
- Download the Identity Provider certificate and note the Issuer. Save both for later use.
- Set up a new connected app:
  - Select Enable SAML.
  - Set Entity Id and ACS URL to:
    https://<YOUR_GOODDATA_HOSTNAME>/gdc/account/samllogin
  - Select the Identity Provider that you created in Step 2.
- Open the connected app details and look for SAML Login Information. Note the IdP-Initiated Login URL and save it for later use.
- Set up Connected app access for profile: go to Setup -> Users -> Profiles, click Edit for the selected profile, click Connected apps, and select the app that you created in Step 4.
- Send a request to GoodData Support to create an SSO provider. In the request:
  - Specify the scenario that you want to use: Service Provider-initiated (recommended) or Identity Provider-initiated.
  - Include the downloaded IdP certificate (see Step 3), the issuer name (see Step 3), the IdP-Initiated Login URL (see Step 5), and the name of the SSO provider that you want to use.

  Pick an SSO provider name that clearly identifies you. Include your domain name (if you are a white-labeled customer, include your top-level white-label domain name), and optionally include an sf prefix. If you do not provide the SSO provider name, we may use the value of the entityID keyword in the IdP certificate.

  The SSO provider name must be lowercase.

  Examples:
  - my.domain.com
  - sf-my.domain.au

  Once created, the SSO provider name cannot be updated.
- GoodData deploys your SSO provider to the production environment. You receive a unique SSO parameter to use in user provisioning.
  This parameter is named SSOProvider and is used in the API for managing users. Usually, it is the same as your SSO provider name.
- Provision users with the provided SSOProvider parameter. Use the same login as the Salesforce username, and enable SSO auth mode for them.
  Only a domain administrator can create a user with the ssoProvider parameter specified or modify the ssoProvider parameter for an existing user.
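The values gathered in the steps above can be checked before the request goes to GoodData Support, which matters because the SSO provider name cannot be updated once created. The following Python check is an added example, not GoodData or Salesforce code; the dictionary layout, the scenario labels, the https check on the login URL, and the private-key check are assumptions of this example, and all sample values are constructed.

```python
from urllib.parse import urlsplit

SCENARIOS = ("sp-initiated", "idp-initiated")  # labels chosen for this example

def samllogin_url(gooddata_host):
    """Value the steps give for both Entity Id and ACS URL."""
    return f"https://{gooddata_host}/gdc/account/samllogin"

def check_provider_name(name, domain):
    """Problems with a proposed SSO provider name (it cannot be updated later)."""
    problems = []
    if name != name.lower():
        problems.append("provider name must be lowercase")
    if domain.lower() not in name.lower():
        problems.append("provider name should include your domain name")
    return problems

def check_request(req):
    """Problems in a draft request; req is a dict layout assumed by this example."""
    problems = check_provider_name(req["provider_name"], req["domain"])
    expected = samllogin_url(req["gooddata_host"])
    for field in ("entity_id", "acs_url"):  # as entered in the connected app
        if req[field] != expected:
            problems.append(f"{field} must be exactly {expected}")
    if req["scenario"] not in SCENARIOS:
        problems.append("scenario must be one of " + ", ".join(SCENARIOS))
    if not req["issuer"].strip():
        problems.append("issuer is missing")
    if urlsplit(req["idp_login_url"]).scheme != "https":  # assumption: https only
        problems.append("IdP-Initiated Login URL should be an https URL")
    if "PRIVATE KEY" in req["idp_certificate"]:  # only the certificate is needed
        problems.append("attachment contains a private key; send the certificate only")
    return problems

# Constructed sample values with two deliberate mistakes (name case, trailing slash).
SAMPLE = {
    "gooddata_host": "analytics.my.domain.com",
    "entity_id": "https://analytics.my.domain.com/gdc/account/samllogin",
    "acs_url": "https://analytics.my.domain.com/gdc/account/samllogin/",
    "provider_name": "SF-my.domain.com",
    "domain": "my.domain.com",
    "scenario": "sp-initiated",
    "issuer": "https://idp.example.invalid",
    "idp_login_url": "https://idp.example.invalid/login-placeholder",
    "idp_certificate": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----",
}
if __name__ == "__main__":
    for problem in check_request(SAMPLE):
        print("FIX:", problem)
```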
For more information on embedding your dashboard into Salesforce, see Embed a Dashboard into Salesforce.