Introducing Service Provider Initiated SAML SSO

Jiri Sitina's picture
Manager in SW Engineering

We are happy to announce that the GoodData platform now supports Service Provider Initiated SAML SSO integration. This update will ensure that users of applications that rely on GoodData analytics will have a much more seamless login experience going forward.

What problem does Service Provider Initiated SAML SSO solve?

The biggest benefit of Service Provider Initiated SAML SSO is that it removes much of the disruption or technical difficulty that users may have experienced when trying to access GoodData analytics through another application. For example, an unauthenticated user in Application A (your product) needed to go to an identity provider website to start a session with Application B (GoodData). That two-step process meant that bookmarked or emailed URLs didn’t work (including links coming from Application B emails). There was no easy way to access Application B (GoodData) via link or directly without taking additional steps to authenticate the user via Application A.

What does this mean for GoodData customers?

With this new functionality, customers arriving to GoodData analytics will see a login button if they are not logged in. When that user logs in, the integration with the SAML provider will go through a series of steps to authenticate the user and redirect her back to the analytics.

SAML SSO image

In the diagram below, you can see how the Service Provider Initiated SAML SSO works in the GoodData platform, by communicating between the client, the resource server, and the authorization server.

SAML SSO image

The new flow simplifies the process for  the end user. Previously, she would need to access the SAML provider’s portal directly or somehow begin the login process by clicking on a very specific link. Now the login process starts on the GoodData platform side, saving one extra step and adding convenience for the end user.

To configure the application for this log-in process, the setup is very similar to what you’ve done in the past: As a customer, you need to provide GoodData with Single Sign-On (SSO) implementation configuration details, so that your application can sign in users who exist in both your application and in GoodData platform. The authentication is done by exchanging authentication and authorization data between your application and GoodData, not by username and password. If you want to use this log-in method,, just ask us to turn on the Service Provider Initiated SAML SSO, then you can enjoy the simple login flow.

The feature is already available for widespread use (starting from the Release 195, 12th December 2019). As a backup, the user can always fall back to the original login/password form or use the original SAML flow initiated inside the client application.

SAML SSO image

With this feature, GoodData continues to extend the portfolio of authentication methods to ensure that the overall experience for end users is as smooth and easy as possible.

Want to learn more about the GoodData platform? Read our technical whitepaper!

Or do you want to see for yourself how quick and easy it can be to start with GoodData? Get started for free and create your first insights from our library of visualizations which you can integrate into your product later!

January 16, 2020
Blog Bottom - Try GoodData

Want to ask about something specific?

Contact us