SAML SSO with GoodData


This SSO implementation is based on SAML (Security Assertion Markup Language) and allows your application to sign in an existing GoodData user. Authentication is performed not with a username and password, but by exchanging authentication and authorization data between the parties.

GoodData supports the SAML Identity Provider-initiated scenario only:

[Figure: Okta auth]

Configure the following settings:

SAML version: 2.0 (versions 1.0 and 1.1 are not supported)
Post back URL (destination): the URL where the SAML response and assertion are consumed. For a white-labeled instance, use your hostname instead.
Recipient: the URL of the assertion consumer. For a white-labeled instance, use your hostname instead.
Audience restriction: GoodData
Name ID format: EmailAddress
Sign response: Yes
Sign assertion: Yes (default) / No (let us know if you are not able to sign the assertion)
Encrypt response: No
SSO Init type: Identity Provider-initiated
RelayState: the URL in GoodData where the user is redirected after a successful login

For an example of the SAML message consumed by the GoodData side, click here.
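
The following added example (not GoodData code) checks a SAML response produced by your identity provider against the settings listed above before you send it to GoodData. It checks structure only and does not verify signatures; the `ACS` URL, the `sample` helper and the mapping of "EmailAddress" to the standard SAML URN are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: "EmailAddress" in the settings means this standard SAML URN.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ACS = "https://sp.example.invalid/acs"  # placeholder, not a GoodData URL

def check_response(xml_text, destination, recipient):
    """List deviations from the settings above; signatures are NOT verified."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    if root.get("Version") != "2.0":
        problems.append("SAML version is not 2.0")
    if root.get("Destination") != destination:
        problems.append("Destination differs from the post back URL")
    if root.get("InResponseTo"):  # an unsolicited response carries none
        problems.append("InResponseTo present: not IdP-initiated")
    if root.find("ds:Signature", NS) is None:
        problems.append("response is not signed")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:  # also the case when only EncryptedAssertion exists
        return problems + ["no plaintext assertion (encrypted or missing)"]
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EmailAddress")
    data = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != recipient:
        problems.append("Recipient differs from the assertion consumer URL")
    audiences = [a.text for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if "GoodData" not in audiences:
        problems.append("Audience restriction is not GoodData")
    return problems

# Constructed sample response for the demo; the signature element is a stub.
def sample(version="2.0", audience="GoodData", sig="<ds:Signature/>"):
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' xmlns:ds="{NS["ds"]}" Version="{version}" Destination="{ACS}">{sig}'
            f'<saml:Assertion><saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">'
            'user@example.com</saml:NameID><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS}"/>'
            '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
```

Call `check_response(xml, destination, recipient)` with a response captured from your identity provider and the two URLs you configured; an empty list means the response matches the settings.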