I'm not quite sure which channel this belongs in. I'd like to make some API calls to GoodData to make sure I understand the flow and usage. I'm using this help documentation: https://help.gooddata.com/doc/enterprise/en/expand-your-gooddata-platform/api-reference/#tag/login These make it seem like they can be interacted with (like swagger docs) but I'm not seeing how. Am I missing something or are these purely examples?

Hi Levi, As mentioned in the documentation itself, there are the samples. For some calls, you simply copy-paste the endpoint and use the correct method. For others, you need to copy(and update) the whole body of the call. You can use regular clients like Postman, but I am that familiar with Swagger, tbh. I am afraid this level of interaction isn’t available for now. Also, it is important to follow the correct documentation and use the correct apiary for your product. The one that you linked herei s for GoodData Platform and that’s why it mentions domains and Domain Admins. You can find more information here. Could you kindly confirm that you are working with GD Platform and not with the GD Cloud or GD CN, please?

Excellent question. We are on the GD Cloud based on the url provided to me: https://in2l.cloud.gooddata.com/

Thank you for the confirmation, definitely GD Cloud! The correct API documentation can be found here: https://www.gooddata.com/developers/cloud-native/doc/cloud/api-and-sdk/api/ And your assumption about CN and Cloud is quite correct. The biggest difference between these product is that GD CN is hosted by customers themselves and GD Coud is hosted by GoodData.

Wonderful. I've got a new question if you have the time. I think I've found the correct documentation for using Azure AD as my idP. https://www.gooddata.com/developers/cloud-native/doc/cloud/manage-organization/set-up-authentication/#SetUpAuthenticationUs[…]ider-SupportedOIDCIdPs It shows as a tested OIDC IdP, which is great. I believe I have created the Oauth2 client in Azure. However, when I attempt to update the OIDC settings I get an error: { "detail": "The requested endpoint does not exist or you do not have permission to access it.", "status": 404, "title": "Not Found", "traceId": "7629ad3895e44d67" }

Yes, that’s the correct article and approach. Please make sure that you user the correct and hostname. I am sending you the ID via direct message.

Hi Levi, you will need to make sure you are first getting the token with the authorized user and then using that same token with the same authorized user, the domain admin. Next, you will need to make sure you have the following configured correctly:

curl --request PUT <http://localhost:3000/api/v1/entities/admin/organizations/default> \

--header 'Authorization: TOKEN'

\

--header 'Content-Type: application/vnd.gooddata.api+json'

\

--data '{

"data": {

"id": "default",

"type": "organization",

"attributes": {

"name": "Default Organization",

"hostname": "localhost",

"oauthClientId": "bd3ab3d0-944e-0139-00db-0ab9c24fd663189791",

"oauthIssuerLocation": "<https://gd-dev.onelogin.com/oidc/2>",

"oauthClientSecret": "1dd5fafd16172bf44fee5c957fa049b7851b785c7f0f0f32f1ab919dc7301cf4"

}

}

}'

This tracks. Last night I was able to overcome some hurdles. I found the issuer url for Azure. I was able to set the OIDC settings for the GoodData organization. I was able to manually work through the OAuth workflow to track down the correct sub claim value. It isn't the user OID in Azure. And finally, I am able to log in to my production workspace. It has been quite the journey (a little painful).