Hi, we've been investigating today why SSO users c...
# gooddata-cloud
Hi, we've been investigating today why SSO users can't log in to embedded GoodData. We are using Auth0 and organizations, and it looks like Auth0 doesn't remember the organization. Hence, when GoodData tries to authenticate the user, it tries it with an empty organization and the user gets redirected to the plain login page. We have configured the SSO connections under the Auth0 organizations, which explains this behaviour. auth0-sdk has some magic for this (stores the organization id in a cookie, basically), and that's why we have it working elsewhere. The question is, is there any way we could pass extra parameters to be sent to Auth0 on login? For example, /appLogin?organizationId=org_1235 ?
Hi @Juha-Pekka Laine, I will require some testing from our side, please hang on. How are you embedding GoodData?
It’s an iframe currently
We might have found a workaround, but we don’t know if it’s gonna work well enough. The org id parameter would be the most robust way
Hello @Juha-Pekka Laine, based on your question above, this approach of passing extra params is currently not supported. In the future we are considering supporting passing any parameters, especially in case of future support of more OIDC per organization. I am happy to hear if you found any way to handle your situation. Please let us know if anything is needed. Regards, Lubos
@Juha-Pekka Laine may I ask what the workaround is?
Hi, as we have GoodData embedded as an iframe, the parent page is always authenticated with Auth0, and to the organization in this SSO case. We have persistent sessions in use in Auth0, and thus by default it uses that session. The workaround was to enable these SSO connections directly in the GoodData application in Auth0 as well, so that those connections can be used even if the organization is not defined. (We made these SSO connections invisible from the Auth0 login screen.) The Auth0 session does seem to be able to reuse the SSO connection session if it's available directly to the application in Auth0. In a multitenant setup we can't normally have all these connections available for all the users. So the initial login is through the organization in our main application, and when GoodData authenticates, it does it without the organization, but the Auth0 session remembers the SSO connection even without the organization, if the connection is bound to the application. We just need to ensure our main application keeps the session active, so that it's always available for GoodData.