I saw references to Just In Time user creation for SAML I ha GoodData #gd-beginners

I saw references to Just-In-Time user creation for...

Levi Liester

06/27/2023, 4:03 PM

I saw references to Just-In-Time user creation for SAML. I haven't seen anything for the OAuth workflow. Is there a way I can set up the OIDC workflow to automatically create users vs having to create the user in GoodData and then manually update the user with the correct sub claim value?

Julius Kos

06/27/2023, 6:02 PM

Hello Levi, I was checking this and unfortunately, I have to confirm that anything similar to JIT flow is not possible within OIDC in our GoodData Cloud product (as it is out of box possible for GoodData Platform). The only option would be to have some custom app residing between your IdP and Gooddata.

Levi Liester

06/27/2023, 6:09 PM

Well dang. Thank you for validating this 👌

🙌🏼 1

Levi Liester

06/27/2023, 9:55 PM

Follow up question: After setting up the OIDC for my GD organization I'm required to

map users

. That involves getting the sub claim data and updating the

authenticationId

of the user in GD. Getting a sub claim seems to require going through the OAuth process with my IdP. This is a pretty manual effort. You confirmed that OAuth doesn't have a JIT flow. Is there a more reasonable way to get the

sub claim

value besides this manual OAuth workflow? I'm use Azure AD

Julius Kos

06/28/2023, 6:49 PM

Hi Levi, Sorry for the late reply. I guess this depends on the IdP provider which is used, but there should be definitely some programatic way (via API) how to retrieve a list of claims for users. However, as I’ve mentioned this is something rather related to IdP provider than GoodData.

👍 1

Open in Slack

Previous Next