Implementing Anonymous User Embedding in Bold BI: A Complete Step-by-Step Guide
Overview
Many organizations embed analytics into customer portals, partner platforms, or SaaS applications. In these scenarios, business users already authenticate into the host application and should not be required to maintain separate user accounts inside Bold BI.
To address this requirement, Bold BI provides Anonymous User Embedding. This feature allows dashboards to be rendered inside your application without registering each business user as a Bold BI user.
Access control is handled securely using an embed token generated by your backend application, ensuring that dashboards remain protected while eliminating the need to manage individual BI user accounts.
What is Anonymous User Embedding?
Anonymous User Embedding allows dashboards to be rendered without establishing a Bold BI login session. Instead of authenticating users inside Bold BI, your application generates a secure embed token that authorizes access.
This means:
- Business users do not need to be created as Bold BI users
- User identity remains managed in your application
- Access is enforced using group permissions defined in Bold BI
- Row-Level Security (RLS) can still be applied through group-based configuration
Although there is no Bold BI login session, access control remains fully enforced based on the group specified in the embed token.
Recommended Usage
Anonymous embedding is best suited for:
- Customer-facing SaaS applications
- Multi-tenant portals
- Partner platforms
- Applications managing their own authentication system
It is not recommended when:
- Users must design or edit dashboards
- Users require persistent personal dashboard settings
- Granular per-user BI roles must be maintained inside Bold BI
- Dashboards would expose sensitive internal data
Interaction Model: Anonymous embedding operates in a view-only interaction mode by design. Dashboards embedded with anonymous user embedding enabled always render in view mode, and editing capabilities are not exposed. Designer functionality requires an authenticated session, so a user who attempts to access design features must authenticate.
Prerequisites
- Bold BI site with embedding enabled
- System User enabled in UMS
- At least one Bold BI group created for anonymous access
- Dashboards assigned to that group
- Secure backend service to generate embed tokens
Step 1: Launch Bold BI
Log in to the Bold BI application and click Manage sites (Admin Access) to navigate to UMS.
Step 2: Enable System User in UMS
Anonymous embedding requires the Bold BI System User to be enabled.
- Navigate to UMS (User Management System)
- Open Accounts Settings
- Enable System User
- Save changes
Why this step is required: Anonymous embedding internally uses the System User context to evaluate permissions.
Step 3: Create a Group for Anonymous Access
Anonymous users are mapped to a Bold BI group. This group determines dashboard access.
- Go to User Management → Groups
- Create a new group (Example: AnonymousDashboardUsers)
- Save the group
Step 4: Assign Dashboard Permissions to the Group
Grant dashboard access to the newly created group.
How Anonymous Embedding Works
- The client application requests dashboard access
- Your server generates an embed token
- The token specifies permitted dashboards and expiry
- The client loads the dashboard using the embed token
- Bold BI validates the token before rendering
No Bold BI user identity is created during this process.
Generate Anonymous Embed Token (Backend)
To securely embed a Bold BI dashboard within your application, it is essential to generate an Embed Token. Starting from Bold BI version 14.1, an object model structure has been introduced to facilitate token generation by invoking the token generation endpoint through a POST API request. This enhancement simplifies the process of supplying the required information.
For those who are new to Bold BI embedding, please consult the user guide for a more comprehensive explanation at the following link:
Your application must generate an embed token that instructs Bold BI to treat the viewer as anonymous.
The embed token request must include the following anonymous user embedding related parameters in the embed token generation payload.
| Parameter | Description | Required? |
|---|---|---|
| anonymous.isenabled | Enables anonymous embedding | Yes |
| anonymous.groupname | Defines dashboard access | Yes |
| email | Identifier for tracking purposes only | Optional |
```csharp
// Namespaces used by this controller action:
using System.Net.Http;
using System.Text;
using Newtonsoft.Json;

[HttpPost]
[Route("TokenGeneration")]
public string TokenGeneration()
{
    var embedDetails = new
    {
        serverurl = "http://localhost:52206/bi/",
        siteidentifier = "site/site1",
        embedsecret = "<Embed Secret Key>",
        dashboard = new
        {
            id = "9a9fd86c-90d7-46ef-8de6-b1fc0dfe5abb"
        },
        // Anonymous details
        email = "<Anonymous User Email>", // Email of the anonymous user (not in Bold BI)
        anonymous = new
        {
            isenabled = true, // This property enables anonymous embedding.
            groupname = "AnonymousDashboardUsers" // The group name under which the anonymous user will be authorized
        }
    };

    // POST call to the Bold BI server
    var client = new HttpClient();
    var requestUrl = "http://localhost:52206/bi/api/site/site1/embed/authorize";
    var jsonPayload = JsonConvert.SerializeObject(embedDetails);
    var httpContent = new StringContent(jsonPayload, Encoding.UTF8, "application/json");
    var result = client.PostAsync(requestUrl, httpContent).Result;
    var resultContent = result.Content.ReadAsStringAsync().Result;

    // Return only the access token to the caller; the embed secret stays on the server.
    return JsonConvert.DeserializeObject<dynamic>(resultContent).Data.access_token;
}
```
Note: The above code snippet applies to Bold BI version 14.2 and later.
For earlier versions of Bold BI, please follow the implementation described in the documentation.
Embed the Bold BI Dashboard
Once an embed authorization token has been generated on the backend server side, use it on the frontend to securely render a Bold BI dashboard.
Note: Please refer to the user guide documentation section if you are new to Bold BI embedding. It provides a comprehensive, step-by-step guide on how to embed a dashboard.
```html
<body onload="embedDashboard();">
  <div id="dashboard_container_id"></div>
  <script>
    function embedDashboard() {
      getEmbedToken().then(accessToken => {
        var boldbiEmbedInstance = BoldBI.create({
          serverUrl: "<Bold BI Server URL>",
          dashboardId: "<Dashboard Id>",
          embedContainerId: "dashboard_container_id",
          embedToken: accessToken
        });
        boldbiEmbedInstance.loadDashboard();
      }).catch(error => {
        console.error("Failed to get embed token:", error);
      });
    }

    function getEmbedToken() {
      return fetch('/tokenGeneration', {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json'
        },
        body: JSON.stringify({})
      })
        .then(response => {
          if (!response.ok) throw new Error("Token fetch failed");
          return response.text();
        });
    }
  </script>
</body>
```
Supported Limitations
| Capability | Behavior |
|---|---|
| Dashboard Viewing | Supported |
| Dashboard Editing | Not Supported |
| Widget Editing | Not Supported |
| Create / Delete Dashboards | Not Supported |
| User Personalization (Saved Views) | Not Supported |
| Role-Based Enforcement (per Bold BI role) | Not Supported |
| Permission Enforcement | Group-Based (via embed token) |
Security Considerations
- Protect application secrets
- Use HTTPS exclusively
- Restrict group permissions carefully
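
The considerations above applied to the token endpoint, as an added example that is not part of the original article or Bold BI's own code: a Node.js backend helper that builds the embed authorize request so the group and the permitted dashboard are taken from the host application's session, never from the browser. `TENANT_ACCESS`, `buildAuthorizeRequest`, the session and config shapes, and the nested `dashboard.id` field are assumptions, and all sample values are constructed.

```javascript
// Added example (Node.js backend). TENANT_ACCESS, buildAuthorizeRequest and the
// session/config shapes are hypothetical; all values are constructed.
const TENANT_ACCESS = new Map([
  ['acme', {
    group: 'AnonymousDashboardUsers',
    dashboards: new Set(['9a9fd86c-90d7-46ef-8de6-b1fc0dfe5abb']),
  }],
]);

function buildAuthorizeRequest(session, dashboardId, config) {
  // The viewer must already be authenticated by the host application.
  if (!session || !session.tenantId) throw new Error('unauthenticated');

  // Group and dashboard allow-list come from server-side data keyed by the
  // session, so nothing in the browser request can widen access.
  const access = TENANT_ACCESS.get(session.tenantId);
  if (!access) throw new Error('tenant has no embed access');
  if (!access.dashboards.has(dashboardId)) throw new Error('dashboard not permitted');

  // The embed secret travels in the request body, so require HTTPS.
  const server = new URL(config.serverUrl);
  if (server.protocol !== 'https:') throw new Error('serverurl must be https');
  if (!config.embedSecret) throw new Error('embed secret not configured');

  const base = server.href.endsWith('/') ? server.href : server.href + '/';
  return {
    url: `${base}api/${config.siteIdentifier}/embed/authorize`,
    payload: {
      serverurl: base,
      siteidentifier: config.siteIdentifier,
      embedsecret: config.embedSecret, // from a secret store; never sent to the browser
      dashboard: { id: dashboardId },  // assumed nested shape
      email: session.email,            // tracking only, not an authorization input
      anonymous: { isenabled: true, groupname: access.group },
    },
  };
}
```

The server posts `payload` as JSON to `url` and returns only the resulting access token to the page.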