Use an External OIDC Identity Provider

To use an external OIDC Identity Provider, do the following:

  1. Create an OAuth2 client.
  2. Update the OIDC Settings of the organization.

Create an OAuth2 Client

Create an OAuth2 client with the following configuration:

  • Callback URL: https://<organization-hostname>/login/oauth2/code/<organization-hostname>
  • Grant types: Implicit, Authorization code, Refresh token
  • Claims: openid, profile, offline_access

When the OAuth2 client is created, copy and store the following parameters:

  • The client ID
  • The client secret

You will provide them in the API request described later in this article.

Update the OIDC Settings of the Organization

Use the following template to create an API request for updating the OIDC settings of the Organization. Provide the $GDC_API_TOKEN in the request header:

curl --request PUT \
  --header "Authorization: Bearer $GDC_API_TOKEN" \
  --header 'Content-Type: application/vnd.gooddata.api+json' \
  --data '{
  "data": {
    "id": "alpha",
    "type": "organization",
    "attributes": {
      "name": "Alpha Corp.",
      "hostname": "analytics.alpha.example.com",
      "oauthIssuerLocation": "https://<your-issuer-url>",
      "oauthClientId": "<your-client-id>",
      "oauthClientSecret": "<your-client-secret>"
    }
  }
}'  https://analytics.alpha.example.com/api/entities/admin/organizations/alpha

Example: A sample API request for setting up authentication with the Auth0 Identity Provider

curl --request PUT \
  --header 'Authorization: Bearer YWRtaW46Ym9vdHN0cmFwOk15U2VjcmV0UGFzc3dvcmQ=' \
  --header 'Content-Type: application/vnd.gooddata.api+json' \
  --data '{
  "data": {
    "id": "alpha",
    "type": "organization",
    "attributes": {
      "name": "Alpha Corp.",
      "hostname": "analytics.alpha.example.com",
      "oauthIssuerLocation": "https://alpha-corp.auth0.com/",
      "oauthClientId": "abcdefghijklmnopqrstuvwxyz0123",
      "oauthClientSecret": "abcdefghijklmno-ABCDEFGHIJKLMNOPQRS-abcdefghi_ABCDEFG"
    }
  }
}'  https://analytics.alpha.example.com/api/entities/admin/organizations/alpha
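Before sending the request, the value intended for oauthIssuerLocation can be checked against the provider's discovery document. The following is an added example and not part of the original documentation: it assumes the provider publishes standard OIDC discovery metadata, treats the values this page lists under Claims as scope names, and uses hypothetical function names and a constructed sample document.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Grant types and scope names from the client configuration on this page.
REQUIRED = {
    "grant_types_supported": {"implicit", "authorization_code", "refresh_token"},
    "scopes_supported": {"openid", "profile", "offline_access"},
}


def fetch_metadata(issuer_location, timeout=10):
    """Download the provider's discovery document (needs network access)."""
    if urlsplit(issuer_location).scheme != "https":
        raise ValueError("refusing to fetch metadata over a non-https URL")
    url = issuer_location.rstrip("/") + "/.well-known/openid-configuration"
    with urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def check_issuer(issuer_location, metadata):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    parts = urlsplit(issuer_location)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer location must be an https URL")
    if parts.query or parts.fragment:
        problems.append("issuer location must not carry a query or fragment")
    # Exact comparison: a trailing slash is part of the issuer value.
    if metadata.get("issuer") != issuer_location:
        problems.append(f"issuer mismatch: metadata says {metadata.get('issuer')!r}")
    # Both lists are optional in discovery metadata; compare only if published.
    for key, required in REQUIRED.items():
        if key in metadata:
            for missing in sorted(required - set(metadata[key])):
                problems.append(f"{key} lacks {missing}")
    return problems


# Constructed sample metadata, not a real provider response.
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com/",
    "grant_types_supported": ["authorization_code", "implicit"],
    "scopes_supported": ["openid", "profile", "email"],
}

if __name__ == "__main__":
    for problem in check_issuer("https://idp.example.com", SAMPLE_METADATA):
        print("FAIL:", problem)
```

Against a live provider, pass the result of fetch_metadata() for the same issuer value as the second argument.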

Once you have updated the OIDC settings, map the users stored in the Identity Provider to your Organization.