|Related Tags: integration sso|
The GoodData platform has built-in support for integrating with Salesforce Single Sign On. With a minimum of effort, your users can be enabled to use their Salesforce logins to interact with your GoodData projects. This article outlines the data that you must gather and the configuration steps required to integrate with Salesforce SSO.
- For more information on GoodData SSO and Single Sign On in general, see Single Sign-On.
Configure Authentication Provider via API
Using the GoodData APIs, you must define the
ssoProvider value for each user in your GoodData Organization to the value:
NOTE: It is recommended to have your own GoodData Organization when you want to use Salesforce SSO.
- If you do not have an Organization, see Your GoodData Organization.
- For more information on API settings for users, see User API.
NOTE: Configuration changes via API to the Organization object or to the users in the Organization are permitted through the Organization admin account only. Project administrators cannot make these changes.
The GoodData user ID for in your GoodData organization must match the user email from Salesforce:
Optionally, you can also specify a login suffix in the SSO configuration to make it possible to provision users in GoodData that do not exactly match the e-mail address they use with Salesforce (to avoid user account conflicts).
If a suffix of “+acme” is specified in the SSO configuration, the Salesforce user email will match the GoodData user ID of
NOTE:You can also configure your organization to use your Salesforce userName as the user ID for in your GoodData organization (currently only available for whitelabeled and isolated domains).
To do this create a support request at support.gooddata.com. Make sure that your embedded dashboards use links with Partner_Server_URL_100 (not Partner_Server_URL_70).
Users in the Target Project
Each Salesforce user for which you wish to enable integration must be a member of the GoodData project that you are integrating.
If users are invited to a project through the GoodData Portal, links are provided in the generated email to enable the invited user to login directly through the Portal.
NOTE:Avoid inviting users to a project either through the GoodData Portal or via API call. Invited users can access the project immediately. In some cases, additional configuration is required.
Tip: To test Salesforce SSO authentication, you can invite a single, known user to the project and then complete the Portal Configuration steps to verify connectivity.
Instead, GoodData users should be added to a project through API. When a user is added to a project, no email is delivered to the user, and you can provide information on access through other mechanisms.
For more information, see User API.
After you have completed the GoodData configuration and project configuration, you can perform the remaining configuration steps through the GoodData Portal and then apply the generated iframe snippet into Salesforce.
Tip: If you are testing the SSO integration, you should perform your initial configuration in a developer sandbox within Salesforce or somehow make the the tab through which the GoodData project is accessed visible only to the testing users.
For more information on configuration in the Portal, see Embedding Dashboards into Salesforce.
For more information on troubleshooting SSO integration issues, see see Single Sign-On.