SAML Authentication

The SAML authentication logic is nearly identical to MOIDC authentication.

To set it up, follow the MOIDC setup guide and change the details described below.

SAML Configuration

SAML configuration uses the same API endpoint as MOIDC but with a slightly different payload. Instead of OAuth-related parameters, it uses the samlMetadata parameter, which should be defined by a Base64-encoded XML document containing the SAML metadata.

Example: Registering a SAML Provider

To register a new SAML provider, send a POST request to the /api/v1/entities/identityProviders API endpoint with the following payload:

{
  "data": {
    "attributes": {
      "customClaimMapping": {
        "property1": "string",
        "property2": "string"
      },
      "identifiers": [
        "gooddata.com"
      ],
      "samlMetadata": "string"
    },
    "id": "id1",
    "type": "identityProvider"
  }
}

Known Limitations

• If SAML and OIDC authentication are combined using Federated Identity Management, embedded visualizations are not yet supported and only the standard authentication flow is currently available.