GoodData Cloud - switching the identity provider to AWS Cognito - configuration protection

  • 3 October 2023
  • 2 replies



My organization has been using GoodData internal / dev identity provider, and we would like to switch to our new AWS Cognito identity provider.


We are following the documentation here:

According to the section “Configure Cognito IdP in Organization” we executed the REST API PUT method to “ $HOST_URL/api/v1/entities/admin/organizations/$ORGANIZATION_ID”, however the response is:

"detail": "Can't proceed, OAuth configuration is protected against alteration in the organization.",
"status": 409,
"title": "Conflict",
"traceId": "..."

Could you please advise how to lift this protection?

Thank you.


Best answer by Daniela 3 October 2023, 09:44

View original

2 replies

Hello Tomas,
Thanks for sending the error. I checked your org and this happens (as you mentioned) when the org has OIDC managed by us.
I’ve enabled that OIDC will be managed by you and not us.  
You should be able to change the OIDC to your own now.

Thank you very much Daniela, that worked for us.

We successfully switched to AWS Cognito. \o/

For the community sake, I can comment that following the guide here: and the change you did on GoodData site was all that we needed.