Hello, We deployed <GoodData.CN> CE and set up an ...
# gooddata-cn
Hello, We deployed GoodData.CN CE and set up an OIDC provider (AAD) to login to the GDCN instance. According to docs we have to map each user to gdcn user. Is it possible to map all users in general. So every user that logins via the OIDC provider gets automatically mapped to a certain userGroup (or other default relationship)?
✔️ 1
the idea is to not call the “map user” api call for every user in OIDC.
no, it's not possible. User entities must exist in GoodData.CN and they must be bound to the corresponding user in identity provider via authenticationId attribute.
ok thanks 😉
Would you consider an option (having "admin" access to OIDC) to fetch all users from the provider, generate declarative users document and put it to our platform? (with our python-sdk) You could run it regularly and automatically provision/de-provision users.
ok we might consider it although there are more options as well which is good.
one more question - can value of
be a foreseeable string, such as email, for example john.doe@mycompany.com? I don’t see any problem in this, just want to make sure I’m not overlooking something here.
authenticationId is actually driven by the contents of
claim in oauth2 token. So it depends on your Identity Provider, what it sets into this claim.