Okta SSO Integration Guide with GoodData.CN

OpenID Connect (OIDC) is an OIDF standard that profiles and extends OAuth 2.0 to add an identity layer — creating a single framework to provide secured access to APIs, mobile native applications, and browser applications in a single, cohesive architecture.

In this article, we will show you how to set up OIDC app integration for GoodData.CN in Okta.

Step 1: Create a new application integration

  1. In the Okta admin console, navigate to Applications.
  2. Click on the button “Add Application.”
  3. Click on the “Create New App” button. A modal dialogue asking for basic parameters will appear.
  4. Select “Web” as a Platform and “OpenID Connect” as the Sign-on method.
  5. Click the “Create” button (the OpenID Connect app integration window will open).

Step 2: Create OpenID Connect app integration

  1. Choose the Application name to identify this application in Okta’s admin console.
  2. Optionally, choose your custom logo that will be shown in the application list.
  3. Add Login redirect URI in the form https://<organization-hostname>/login/oauth2/code/<organization-hostname> (so-called callback URL).
  4. Optionally (but recommended), add Logout redirect URI in the form https://<organization-hostname>.

Step 3: A summary of your newly created OIDC application

  1. The next page summarizes your newly created OIDC application.
  2. You will need the values of “Client ID”, “Client secret”, and “Okta domain” to configure an OIDC client for your organization.

Now, you can assign users and groups to this application so they can use it. This action can be done conveniently using Okta API or manually in the admin console.

Now you have all the information needed for the OIDC configuration of your organization.

{
  "data": {
    "id": "analytics",
    "type": "organization",
    "attributes": {
      "name": "Example.com",
      "hostname": "analytics.example.com",
      "oauthIssuerLocation": "https://<Okta domain>",
      "oauthClientId": "<Client ID>",
      "oauthClientSecret": "<Client secret>"
    }
  }
}

For mapping Okta user-to-user in GoodData.CN, you need to set the user’s authenticationId in GoodData.CN. You can get the user ID by querying the Okta API where you replace <Okta domain> and <user login>.

https://<Okta domain>/api/v1/users?filter=profile.login%20eq%20"<user login>"

Your integration is now fully configured.

If you are interested in GoodData.CN, please contact us.

Alternatively, test a trial version of GoodData Cloud:

Start Your GoodData Analytics Trial — Commitment-Free

Localization and Internationalization
Provisioning and Change Management Automation in GoodData Platform