Map Users to the Organization

Once you have set up an OpenID Connect (OIDC) Identity Provider, map the users stored in the Identity Provider to the OIDC Organization. For mapping, GoodData.CN uses the sub claim .

When mapping and managing users, you will have to provide the $GDC_API_TOKEN .

Map a User in the Identity Provider to the Organization

To map a user, submit a POST request to /api/users.

Provide the value of the sub claim in the authenticationId section of the API request body.

curl --request POST \
  --header "Authorization: Bearer $GDC_API_TOKEN" \
  --header 'Content-Type: application/vnd.gooddata.api+json' \
  --data '{
      "data": {
        "id": "john.doe",
        "type": "user",
        "attributes": {
          "authenticationId": "<user-sub-claim>"
        },
        "relationships": {
          "userGroup": {
            "data": {
              "id": "adminGroup",
              "type": "userGroup"
            }
          }
        }
      }
}' https://analytics.alpha.example.com/api/entities/users

Once you have mapped the users to the Organization, create workspaces and set up their hierarchy .

Update a Mapped User

To update a mapped user (change the value of the authenticationId section or the user group that the user belongs to), submit a PUT request to /api/entities/users/{:userId}.

curl --request PUT \
  --header "Authorization: Bearer $GDC_API_TOKEN" \
  --header 'Content-Type: application/vnd.gooddata.api+json' \
  --data '{
      "id": "john.doe",
      "type": "user",
      "attributes": {
        "authenticationId": "<user-sub-claim>"
      },
      "relationships": {
        "userGroup": {
          "data": {
            "id": "adminGroup",
            "type": "userGroup"
          }
        }
      }
}' https://analytics.alpha.example.com/api/entities/users/john.doe

You cannot update a user’s id property. It is automatically generated when the user is being mapped and is immutable.

Delete a Mapped User

To delete a user, submit a DELETE request to /api/entities/users/{:userId}.

curl --request DELETE \
  --header "Authorization: Bearer $GDC_API_TOKEN" \
  https://analytics.alpha.example.com/api/entities/users/john.doe