Among the finest options are the invisible ones, that you do not know you want till you do not have them. That’s the reason our staff at GoodData has been engaged on Simply-In-Time (JIT) Consumer Provisioning.
At present, each time our consumer desires so as to add a brand new consumer to their organisation, their admin has to create the consumer of their OIDC supplier, then create a corresponding consumer within the GoodData Platform ( and map one to the opposite accurately). Then he has to assign this consumer to the specified consumer teams, and many others.. You get the thought: It is a number of guide work.
That’s the reason, we’re introducing the JIT provisioning, the place the consumer will solely have to outline the consumer of their OIDC supplier, and we are going to deal with the remaining. Primarily including customers on demand the second they need to entry our analytics, making it seamless so as to add extra individuals for collaboration or including one other stakeholder.
Necessary facet of this alteration is that there aren’t many adjustments required on the facet of the shopper’s OIDC supplier.
How does it work?
For it to work, we have to allow the JIT provisioning for the actual buyer (accomplished on our facet) after which the shopper makes positive that the OIDC supplier is sending all the mandatory claims (login request fields).
Configure authentication supplier to ship id token with the next claims:
- sub
- given_name, family_name
- e mail
- urn.gooddata.user_groups(non-obligatory customized GoodData declare containing listing of customers userGroups)
Since we’ve got no more information in regards to the newly created customers (on the time of creation), we extremely advocate you add the consumer group(s) to the claims, to make sure the suitable entry to workspaces, as you may not need to give everybody admin.
You can too use the claims to replace present customers. As soon as the claims include given/household identify, e mail or consumer teams fields, these values are propagated to the GoodData platform.
To make it even simpler, you need not present an present consumer group within the claims. If it doesn’t exist, a brand new empty group is created.
So to see the entire story, that is what the JIT consumer provisioning provides two branches to the fundamental Consumer Authentication.
And that’s it for now. Would you prefer to be taught extra about JIT? Tell us at our Group Slack and we are going to create a walkthrough for you! 🙂
Wish to be taught extra?
Listed here are a couple of related documentation pages, like tips on how to Set Up Authentication utilizing OIDC Supplier, the OIDC Authorization Code Movement, Authentication in GoodData Cloud and tips on how to Handle Group.
Wish to strive it your self? You should use our Free Trial!
If you need to see what else we’re engaged on at GoodData, try our GoodData Labs!
