Use System for Cross-domain Identity Management User Provisioning in a SAML SSO Environment

If you have Single Sign-On (SSO) based on SAML (Security Assertion Markup Language, see SAML SSO with GoodData), you can use System for Cross-domain Identity Management (SCIM) user provisioning.

With SCIM, you do not have to create and configure users in advance. SCIM creates users when their accounts are created in the Identity Provider application. When you create a user in your Identity Provider, a GoodData account is automatically created for them. The user can log in to the GoodData platform, but is not granted access to any GoodData workspace. The user's details are provided as part of Identity Provider metadata.

Contents:

Set Up SCIM User Provisioning

Steps:

  1. In the Identity Provider account, create and set up an application for SCIM.
    We recommend that you use SCIM Version 2.0.
  2. In the SCIM application, provide the connection details for integrating with your SCIM server:
    1. Set the SCIM base URL to https://{your-subdomain-name}.on.gooddata.com/gdc/scim/v2. If your workspaces use whitelabeling, use your domain address. For example, https://example.com/gdc/scim/v2.
    2. Provide the credentials of the user who is a domain admin for your GoodData domain.
  3. Enable user provisioning and set up attribute mapping.
    The GoodData platform supports the following attributes:
    • state is the state of the user on the GoodData platform (for example, active or deleted).
    • login is the user login; must follow the email format.

      Once assigned, the login attribute cannot be updated.

    • email is the user's contact email.
    • firstName is the user's first name.
    • lastName is the user's last name.
    • language is the language used in the embedded dashboards that the user can view.

If your Identity Provider supports user migration, you can also migrate GoodData users to your Identity Provider account.

Powered by Atlassian Confluence and Scroll Viewport.