Bold BI embedding supports group-based authorization for OAuth 2.0 and OpenID providers. With this support, you can configure and import your OAuth or OpenID groups into the Bold BI server without importing the users of the group. However, every user from the group can access the Bold BI dashboard.
Before embedding, review these essential guides:
Let’s take a look at the configuration settings for Azure AD, OAuth 2.0 and OpenID import, importing the group, and granting access to that group.
To enable Azure AD connect support, you need to configure Azure AD in the Bold BI server. Please follow the steps provided in the link.
The following link explains how to connect with the Bold BI application.
To have support for OAuth 2.0 connect, you will need to configure OAuth 2.0 in the Bold BI server. Please follow the steps provided in the link.
The following is a list of a few OAuth 2.0 providers, and it explains how to connect with the Bold BI application.
For OpenID connect support, you need to configure OpenID in the Bold BI server. Follow the steps in the link.
The following is a list of a few OAuth 2.0 providers, and it explains how to connect with the Bold BI application.
After configuring your providers, you need to import your group into the Bold BI server. Follow these respective links to import the groups.
Then, you need to provide access to your imported group. Follow these steps in the link, which will help your users to access and embed the dashboard.
Now, you need to configure your authorization server to use group-based authorization by adding the marked parameters in the embedQuery.
Parameter | Description |
---|---|
embed_group_access | Set this parameter to true to enable group-based authorization. |
embed_auth_provider | Indicates which auth provider you are using in embedding. Example: embed_auth_provider=GlobalOAuth<br>The values for the different auth providers are:<br>AzureAD – Set this if you have configured AzureAD<br>TenantOAuth – Set this if you have configured OAuth at the tenant level<br>TenantOpenID – Set this if you have configured OpenID at the tenant level<br>GlobalOAuth – Set this if you have configured OAuth at the global level<br>GlobalOpenID – Set this if you have configured OpenID at the global level<br>WindowsAD – Set this if you have configured WindowsAD<br>None – Set this if you aren’t using any auth providers |
embed_user_id | Set this to the user ID that is used in your provider for this user. |
embed_user_email | Set this to the user email that is used in your provider for this user. |
NOTE: The UserID and UserEmail above act as the password for users of each provider in Bold BI.
Example:
For GlobalOAuth:
&embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=1212121212&embed_user_email=<user email>
For GlobalOpenID:
&embed_group_access=true&embed_auth_provider=GlobalOpenID&embed_user_id=auth0|5dbc1ac0835a7c0e18724875&embed_user_email=<user email>
For Azure AD:
&embed_group_access=true&embed_auth_provider=AzureAD&embed_user_id=cda791a1-3dec-4e52-a70c-38323aafe256&embed_user_email=<user email>
NOTE: Please use your UserID and UserEmail as follows in the authorization server.
Amazon Cognito | Set the user email as embed_user_id and embed_user_email |
Auth0, Okta, OneLogin | Set the user id as embed_user_id and set the user email as embed_user_email |
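The following added example (not code from the Bold BI samples) shows an authorization server appending the group-access parameters from its own authenticated session and discarding any copies sent by the client, since the user ID and email act as the password. The function names, the `session` object shape and the `param_a`/`param_b` query parameters are assumptions made for illustration.

```javascript
// Added example, not Bold BI sample code; names below are hypothetical.
// Allowed values come from the embed_auth_provider table on this page.
const PROVIDERS = new Set(["AzureAD", "TenantOAuth", "TenantOpenID",
  "GlobalOAuth", "GlobalOpenID", "WindowsAD", "None"]);
// These four parameters carry identity, so only the server may set them.
const IDENTITY_PARAMS = new Set(["embed_group_access", "embed_auth_provider",
  "embed_user_id", "embed_user_email"]);

// Decoded, lower-cased parameter name, so encoded or mixed-case copies match.
function paramName(pair) {
  const raw = pair.split("=")[0];
  try { return decodeURIComponent(raw).toLowerCase(); }
  catch { return raw.toLowerCase(); }
}

// Reject values that could smuggle extra parameters into the query string.
function safeValue(name, value) {
  if (typeof value !== "string" || value === "" || /[&=#?\s]/.test(value)) {
    throw new Error(`invalid ${name}`);
  }
  return value;
}

// clientQuery: embedQuery received from the browser (untrusted).
// session: identity from the server's own login; assumed shape
//   { provider, userId, email, isCognito }.
function buildGroupAccessQuery(clientQuery, session) {
  if (!PROVIDERS.has(session.provider)) {
    throw new Error("unknown embed_auth_provider");
  }
  // Drop any identity parameters the client supplied itself.
  const kept = clientQuery.split("&")
    .filter((pair) => pair !== "" && !IDENTITY_PARAMS.has(paramName(pair)));
  const email = safeValue("embed_user_email", session.email);
  // Amazon Cognito: the user email is used for both parameters.
  const userId = session.isCognito
    ? email : safeValue("embed_user_id", session.userId);
  return kept.join("&") + "&embed_group_access=true" +
    `&embed_auth_provider=${session.provider}` +
    `&embed_user_id=${userId}&embed_user_email=${email}`;
}

// Constructed input: the client tries to inject another user's ID.
const sample = buildGroupAccessQuery(
  "param_a=1&embed_user_id=someone-else&param_b=2",
  { provider: "GlobalOpenID", userId: "auth0|5dbc1ac0835a7c0e18724875",
    email: "user@example.com", isCognito: false });
console.log(sample);
```

Values containing `&`, `=`, `#`, `?` or whitespace are rejected rather than encoded so that the output keeps the same form as the examples on this page.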
Enable this feature to dynamically import users from external identity provider groups when they access embedded dashboards. This ensures users inherit group permissions without being manually added to the Bold BI server.
For more details, refer to Enabling user import with group-based authorization.
The sample applications for ASP.NET Core, ASP.NET MVC, and Angular can be downloaded from the following links. Once downloaded, you can update your group access, authentication provider, user id, and user email in the authorization server code block.