My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Embedding

Authenticating Users with Cognito AWS in Bold BI Embedding

Published:

Bold BI embedding supports group-based authorization for Cognito AWS users. This allows you to configure and import your Cognito AWS groups into the Bold BI server without importing the users of the group. Users from the group can access and embed the dashboards of Bold BI, while maintaining security and avoiding redundancy.

Why Group-Based Authorization?

Group-based authorization is beneficial for those who do not want to import and maintain user information in other applications due to security and redundancy concerns. Users can be managed in the provider while maintaining security.

Getting Started with Group-Based Authorization

To get started with group-based authorization in Bold BI embedding, follow these steps:

  1. Read the Getting Started with JavaScript embedding documentation.
  2. Learn about the Authorize API in JavaScript embedding.
  3. Configure Cognito AWS with Bold BI server by following the Amazon Cognito documentation.
  4. Import your group into Bold BI server by following the Import OAuth Groups documentation.
  5. Provide access to your imported group by following the steps in the Manage Permissions documentation.

Configuring the Authorize API

We have samples in different platforms to perform JavaScript embedding. You can download the sample from the respective GitHub repository to embed the dashboard in your application. The embedded sample, navigate to the authorize API, and configure it to use group-based authorization by adding the following parameters in the embedQuery:

Parameter Description
embed_group_access This parameter needs to set as true to enable the group-based authorization.
embed_auth_provider This parameter value indicates, which auth provider you are using in embedding.
Example: `embed_auth_provider=GlobalOAuth`

Following the values for different auth providers.
TenantOAuth – Set this, if you have configured OAuth in tenant level
TenantOpenID – Set this, if you have configured OpenID in tenant level
GlobalOAuth – Set this, if you have configured OAuth in global level
GlobalOpenID – Set this, if you have configured OpenID in global level
WindowsAD – Set this, if you have configured WindowsAD
AzureAD – Set this, if you have configured AzureAD
None – Set this, if you haven’t using any auth providers
embed_user_id Need to set your user id, which used in your provider for this user
embed_user_email Need to set your user mail, which used in your provider for this user

image.png

Example: &embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=user@domain.com&embed_user_email=user@domain.com

Note: The UserID and UserEmail will act as a password for each provider’s user in Bold BI. Set the user email as both embed_user_id and embed_user_email. embed_user_id will vary for other providers.

Similarly, you can also use other OAuth 2.0 or OpenID providers in the Bold BI server.

OAuth 2.0 Providers
OpenID Providers

Additional References

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
SM
Written by Soundarya Mani Meharan
Updated:
Comments (0)
Please  to leave a comment
Access denied
Access denied