Getting started
Exploring and using data
Exploring catalogs and datasets
Exploring a catalog of datasets
What's in a dataset
Filtering data within a dataset
An introduction to the Explore API
An introduction to the Automation API
Introduction to the WFS API
Downloading a dataset
Creating maps and charts
Creating advanced charts with the Charts tool
Overview of the Maps interface
Configure your map
Manage your maps
Reorder and group layers in a map
Creating multi-layer maps
Share your map
Navigating maps made with the Maps interface
Rename and save a map
Creating pages with the Code editor
How to limit who can see your visualizations
Archiving a page
Managing a page's security
Creating a page with the Code editor
Content pages: ideas, tips & resources
How to insert internal links on a page or create a table of contents
Sharing and embedding a content page
How to troubleshoot maps that are not loading correctly
Creating content with Studio
Creating content with Studio
Adding a page
Publishing a page
Editing the page layout
Configuring blocks
Previewing a page
Adding text
Adding a chart
Adding an image block to a Studio page
Adding a choropleth map block in Studio
Adding a points of interest map block in Studio
Adding a key performance indicator (KPI)
Configuring page information
Using filters to enhance your pages
Refining data
Managing page access
How to edit the url of a Studio page
Adding a map block in Studio
Visualizations
Managing saved visualizations
Configuring the calendar visualization
The basics of dataset visualizations
Configuring the images visualization
Configuring the custom view
Configuring the table visualization
Configuring the map visualization
Understanding automatic clustering in maps
Configuring the analyze visualization
Publishing data
Publishing datasets
Creating a dataset
Creating a dataset from a local file
Creating a dataset with multiple files
Creating a dataset from a remote source (URL, API, FTP)
Creating a dataset using dedicated connectors
Creating a dataset with media files
Federating an Opendatasoft dataset
Publishing a dataset
Publishing data from a CSV file
Publishing data in JSON format
Supported file formats
Promote mobility data thanks to GTFS and other formats
Configuring datasets
Automated removal of records
Configuring dataset export
Checking dataset history
Configuring the tooltip
Dataset actions and statuses
Dataset limits
Defining a dataset schema
How Opendatasoft manages dates
How and where Opendatasoft handles timezones
How to find your workspace's IP address
Keeping data up to date
Processing data
Translating a dataset
How to configure an HTTP connection to the France Travail API
Deciding what license is best for your dataset
Types of source files
OpenStreetMap files
Shapefiles
JSON files
XML files
Spreadsheet files
RDF files
CSV files
MapInfo files
GeoJSON files
KML/KMZ files
GeoPackage
Connectors
Saving and sharing connections
Airtable connector
Amazon S3 connector
ArcGIS connector
Azure Blob storage connector
Database connector
Dataset of datasets (workspace) connector
Eco Counter connector
Feed connector
Google BigQuery connector
Google Drive connector
How to find the Open Agenda API Key and the Open Agenda URL
JCDecaux connector
Netatmo connector
OpenAgenda connector
Realtime connector
Salesforce connector
SharePoint connector
U.S. Census connector
WFS connector
Databricks connector
Harvesters
Harvesting a catalog
ArcGIS harvester
ArcGIS Hub Portals harvester
CKAN harvester
CSW harvester
FTP with meta CSV harvester
Opendatasoft Federation harvester
Quandl harvester
Socrata harvester
data.gouv.fr harvester
data.json harvester
Processors
What is a processor and how to use one
Add a field processor
Compute geo distance processor
Concatenate text processor
Convert degrees processor
Copy a field processor
Correct geo shape processor
Create geo point processor
Decode HTML entities processor
Decode a Google polyline processor
Deduplicate multivalued fields processor
Delete record processor
Expand JSON array processor
Expand multivalued field processor
Expression processor
Extract HTML processor
Extract URLs processor
Extract bit range processor
Extract from JSON processor
Extract text processor
File processor
GeoHash to GeoJSON processor
GeoJoin processor
Geocode with ArcGIS processor
Geocode with BAN processor (France)
Geocode with PDOK processor
Geocode with the Census Bureau processor (United States)
Geomasking processor
Get coordinates from a three-word address processor
IP address to geo Coordinates processor
JSON array to multivalued processor
Join datasets processor
Meta expression processor
Nominatim geocoder processor
Normalize Projection Reference processor
Normalize URL processor
Normalize Unicode values processor
Normalize date processor
Polygon filtering processor
Replace text processor
Replace via regular expression processor
Retrieve Administrative Divisions processor
Set timezone processor
Simplify Geo Shape processor
Skip records processor
Split text processor
Transform boolean columns to multivalued field processor
Transpose columns to rows processor
WKT and WKB to GeoJson processor
what3words processor
Data Collection Form
About the Data Collection Form feature
Data Collection Forms associated with your Opendatasoft workspace
Create and manage your data collection forms
Sharing and moderating your data collection forms
Dataset metadata
Analyzing how your data is used
Getting involved: Sharing, Reusing and Reacting
Discovering & submitting data reuses
Sharing through social networks
Commenting via Disqus
Submitting feedback
Following dataset updates
Sharing and embedding data visualizations
Monitoring usage
An overview of monitoring your workspaces
Analyzing user activity
Analyzing actions
Detail about specific fields in the ods-api-monitoring dataset
How to count a dataset's downloads over a specific period
Analyzing data usage
Analyzing a single dataset with its monitoring dashboard
Analyzing back office activity
Using the data lineage feature
Managing your users
Managing limits
Managing users
Managing users
Setting quotas for individual users
Managing access requests
Inviting users to the portal
Managing workspaces
Managing your portal
Configuring your portal
Configure catalog and dataset pages
Configuring a shared catalog
Sharing, reusing, communicating
Customizing your workspace's URL
Managing legal information
Connect Google Analytics (GA4)
Regional settings
Pictograms reference
Managing tracking
Look & Feel
Branding your portal
Customizing portal themes
How to customize my portal according to the current language
Managing the dataset themes
Configuring data visualizations
Configuring the navigation
Adding IGN basemaps
Adding assets
Plans and quotas
Managing security
Configuring your portal's overall security policies
A dataset's Security tab
Mapping your directory to groups in Opendatasoft (with SSO)
Single sign-on with OpenID Connect
Single sign-on with SAML
Parameters
- Home
- Managing your portal
- Managing security
- Mapping your directory to groups in Opendatasoft (with SSO)
Mapping your directory to groups in Opendatasoft (with SSO)
Updated by Patrick Smith
Opendatasoft allows access to your workspace to be managed through a single sign-on (SSO) authentication solution, and currently supports the OpenID Connect and SAML protocols.
Opendatasoft allows you to map the relationship between your company's SSO user groups and your user groups in Opendatasoft. This way, your users will automatically be assigned to their appropriate Opendatasoft groups and have the permissions associated with those groups.
The instructions below detail how, for each group in your workspace, you can define automatic membership based on whichever attributes are relevant—anyone in your marketing department, or instead just marketing managers, all managers regardless of department, all IT department admins, or perhaps only people who are both a manager and part of the IT department, etc.
Note that to configure this feature you must:
- Be one of your workspace's adminstators
- Have SSO functionality as part of your licence or plan
- Have reached out to request activation of OpenID and/or SAML on your plan
Where to start—creating a new mapping
To start, go to Configuration > Signup, where once they're activated you should see tabs for SAML or OpenID Connect. In the examples here, we'll use OpenID, but the same applies for SAML as well.
There, activate the toggle next to "Allow access for OpenID Connect users."
Then, scroll to the bottom of the Signup tab, under "ODS Group Mapping."
In the example here, there are already mappings for two groups, but this is where you should go to create new mappings or edit existing mappings.
Click on the Edit button to the right.
This will open the interface in which you create and edit all of your mappings. To create a new mapping, click "+ New group mapping." To edit an existing mapping, roll over it and click then pencil icon.
Don't forget to click Finish when you're done editing to record your modifications.
Configuring a mapping
New group mapping
Once you've clicked the New group mapping button, the window will prompt you to select a group from your Opendatasoft workspace. Select the group you'd like to map.
Adding keys and values
Keys and values correspond to "attributes" in the SAML protocol, and "claims" in OpenID, and are how you configure the mapping.
Keys are unique, and keys and values are cumulative
Note that the same key cannot be used twice in the same mapping.
Especially, it's important to note that keys and values are cumulative. In other words, the criteria are restrictive and not additive. If you map membership to a group based on two keys, only a user that corresponds to both keys will qualify. And if multiple values are specified for a key, that user would need to correspond to all of the values to be included.
Alternately, if no value is provided, all values will be assumed.
An example
In the example here, we're mapping for a "Domain administrators" group in Opendatasoft.
Let's imagine we want to give membership to the "Domain administrators" group to the support managers in our company's IT departments in Europe and in the United States, but not in Asia. And finally, we want the Chief Operating Officer, or COO, to have access as well. This would look something like this:
Mapping 1 gives membership to the "Domain administrators" group to the IT department, but only to IT users who are both part of the support team and are managers. Finally, we've limited membership to Europe.
Mapping 2 provides the same access to the IT support managers in the United States.
And since within a mapping, keys are unique, so you can't simply add a second "Location" key to Mapping 1. Instead, you must create a second mapping, identical to the first except for the different location criteria.
Finally, Mapping 3 provides this access directly to the COO. There is no need to specify their department or location, for example, since there's only one COO.
Avoid mixing manual and automatic group management
Once you have mapped your groups, your users will automatically be given group membership through the SSO. Keep in mind, however, that users can still be given group membership manually.
Alternately, if for a given user you provide membership to a group through the SSO, manually removing them from that group will not remove their membership, as membership is still being provided by the SSO.
In short, avoid mixing methods of providing group memberships.