I have built a "basket" in my react front end. Selecting a value, applies a list of possible values as filter to the gooddata entity. I need to add CRUD, auth and DB and ensure I can SSO to GoodData. Trying to keep the tech stack simple, any recommendations / opinions for auth/db, welcome. I'm using the react starter with gdui.

Hey @Michael Serres. GoodData platform supports 2 types of SSO ... SAML 2.0 and our proprietary one based on PGP. I recommend to use SAML 2.0 if possible. You can use any identity provider supporting SAML 2.0 as e.g. Auth0 or Okta. PGP based SSO is good for custom implementations. You just need to take logged in user, sign and encrypt a message on backend and send it via user to our platform. I recommend to read: https://community.gooddata.com/administration-kb-articles-49/getting-started-with-sso-591

Helpful thank you. If I need to store user preferences, that serve as filters for GoodData UI., like user A can only see Country Z. Do you recommend? Auth0 plus DB solution? Firebase? Supabase? Have clients successfully integrated SSO/SAML with the platform above?

If the filters are mandatory for the users, I would store them in GoodData. There is a functionality for it - https://help.gooddata.com/doc/enterprise/en/workspace-and-user-administration/managing-workspace-data-and-data-access/data-permissions Also explained here in the community: https://community.gooddata.com/dashboards-and-reports-56/data-permissions-variable-filters-and-user-permissions-and-custom-roles-in-general-589

Well noted @Martin Burian thanks. We'll a 1,000 users migrated. Any guides using Google IAM IdP to SSO into gd.ui? Do I really need to invite all users to the workspace? The documentation is rather thin or I missed it. "If you use a SAML SSO implementation with the Identity Provider-initiated scenario, make sure that login is done via your Identity Provider (Okta, Auth0 and so on) and the login code in your app queries the Identity Provider’s API."

Hi Michael. Users needs to be member of workspace in order they can access it. There are multiple options how you can add them to workspace - invite them, invite them via api, add them to workspace via API or use SAML Just In Time provisioning. Documentation about managing users is available here: https://help.gooddata.com/doc/free/en/workspace-and-user-administration/managing-users-in-workspaces/provisioning-users-to-domains-and-workspaces We also have a provisioning add-on which provides provisioning using file / table - https://help.gooddata.com/doc/enterprise/en/workspace-and-user-administration/managin[…]rkspaces-via-life-cycle-management/bricks/provisioning-brick. Basically it is a tool which communicates with the API and it is running on our platform. It is also possible to use Ruby SDK for provisioning - https://sdk.gooddata.com/gooddata-ruby-doc/docs/getting_started. We do not have any guide to integrate with Google IAM idp. If it supports SAML 2.0, it should be easy, otherwise you would need to fallback to the PGP SSO. With SAML SSO you can use 2 scenarios: • Identity provider initiated - users starts in idp • Service provider initiated - users starts in gooddata and request login via idb associated with the environment Hope it helped.