Single Sign-On Overview

With the Single Sign-on (SSO) feature, users do not need to maintain another password to access the GoodData platform. You can use your existing infrastructure for user management. You can also connect using the GoodData APIs to allow your users to log in to GoodData seamlessly.

SSO resolves the login and redirects inside the GoodData platform. Other tasks such as user management within a single workspace are maintained by the classic user provisioning features.

SSO is a key component for embedding dashboards into your web applications. If you define an iframe to embed a dashboard, enable SSO so that the dashboard users do not get errors when trying to access the dashboard. The following picture shows the process:

When users log out, they are redirected to a special SSO logout page. Any white-labeling applied to the GoodData workspace is also applied to the SSO logout page.

If SSO login fails, the user is redirected to a special error page.

SSO Provider Parameter

The ssoProvider parameter is a unique string used to identify the exact key/certificate on the GoodData side. User accounts with the ssoProvider parameter set can access a GoodData workspace without using a password. Users can use predefined SSO providers, such as Salesforce or Okta. The ssoProvider parameter is used in the user provisioning API.

Supported SSO Types

GoodData supports the following types of SSO authentication:

• SAML 2.0-based authentication: The GoodData platform provides an authentication mechanism based on SAML 2.0 (see SAML SSO with GoodData). 
  • Fluig (see Setting up Fluig Single Sign-On)
  • Okta (see Setting up Okta Single Sign-On)
  • Auth0 (see Setting up Auth0 Single Sign-On)
  • Salesforce (see Configure Identity Provider with Salesforce)
  • AD FS (see Configuring Windows Server with AD FS for GoodData SAML SSO)
• PGP-based authentication: The GoodData platform provides its own proprietary authentication mechanism based on PGP keys (see GoodData PGP Single Sign-On).