# gooddata-cloud
j
Hey folks - when using Auth0 to authenticate, we can have multiple/many enterprise connections within our Auth0 (Okta, Google, etc.) and each should be able to log into GoodData without issues assuming we have the appropriate users set up on the GoodData side, correct?
j
Hi Josh, it is currently only possible to use one provider with your OIDC, but there are plans in the future to be able to use multiple ones. Here is a nice article describing authentication in GoodData Cloud: https://community.gooddata.com/administration-kb-articles-49/authentication-in-gooddata-cloud-823
m
Hi Josh, if I understand the question well, you would probably want to have only one connection towards GoodData and your Auth0 serve like a federation over multiple identity providers. Or do you want to connect the multiple IdPs inside GD? If the former, I believe it should be possible already now.
j
Hi Miroslav, thanks for reaching out. So right now I am authenticating into GoodData using Auth0, and within Auth0 I am using my Google Workspace to allow my Google users access. What I would like to do is set up other enterprise connections within my Auth0 and allow all users (from Google, Okta, etc. -- behind my Auth0) access to GoodData through the same. I am having a hard time understanding whether this will cause issues at the GoodData layer and unfortunately have minimal ability to test.
m
Hi @Josh Kladis, I double-checked with our engineering team and there is a way you could do it already now, but it’s not perfect, as the official support for multiple OIDCs is expected to be delivered in H1 next year, as @Joseph Heun mentioned earlier. The main limitation is that direct login from GD Cloud to a “federated” provider (e.g. your Google WS) is not possible. There’s an additional query parameter needed for the authentication callback which says “where to federate” that we currently do not support. The only possibility is adding federation options directly to the Auth0 login page or logging the user in to Auth0 before the GD Cloud backend is contacted (which will re-use the existing Auth0 session).
j
Just to clarify, my users are already logging in using Google credentials through Auth0 into GD with no issue. I simply want to add another provider alongside Google (behind Auth0).
It is like you said, I have added options to the Auth0 login page for my users to log in using Google. I believe GD as the application session prompts Auth0 as the login session and Auth0 prompts another session to use federated logins, but ultimately it is always Auth0 handing GD a token back to the application session that matches my GD users/permissions. With that understanding I think adding another provider behind Auth0 should work the same, just having a hard time finding confirmation one way or the other.