Overview
This article explains how to automatically import users from external identity providers when using Group-Based Authorization Overview approach through SDK embedding. It help you to monitor which users are embedding and accessing the dashboards.
To enable automatic user import through SDK based embedding, you must configure your identity provider such as Amazon Cognito or Azure Active Directory (Azure AD) in the Bold BI server.
Identity Provider Configuration
Before enabling user import, follow the instructions specific to your identity provider:
Azure Active Directory (Azure AD)
To configure Azure AD for user and group import into Bold BI:
Amazon Cognito
To configure Amazon Cognito via OAuth 2.0:
Additionally, to understand the overall embedding process with group-based authorization, refer to the following documentation:
Enabling User Import
When using group-based authorization in embedding, you can enable automatic user import by setting the embed_user_import parameter to true in your embed configuration.
How to Set the Parameter
Include the embed_user_import parameter in your embedding authorization action method. This parameter allows Bold BI to automatically import users from the identity provider’s group when they access a dashboard for the first time.
By default, this parameter is set to false. It is optional, but required if you want auto-import functionality.
To configure your authorization server for user import via group-based authorization, include the parameters in the embedQuery.
| Parameter | Description |
|---|---|
| embed_group_access | This parameter needs to set as true to enable the group-based authorization. |
| embed_auth_provider | This parameter value indicates which auth provider you are using in embedding.
Example: embed_auth_provider=GlobalOAuth
Following are the values for different auth providers: |
| AzureAD – Set this if you have configured AzureAD | |
| TenantOAuth – Set this if you have configured OAuth at the tenant level | |
| GlobalOAuth – Set this if you have configured OAuth at the global level | |
| embed_user_id | Need to set your user id, which used in your provider for this user |
| embed_user_email | Need to set your user mail, which used in your provider for this user |
| embed_user_import | The default value is false, and the parameter is optional. This parameter needs to be set as true to enable the auto import of the user into Bold BI from an external group. |
Example: &embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=1212121212&[email protected]&embed_user_import=true
NOTE: Please use your UserID and UserEmail as follows in the authorization server.
| Amazon Cognito | Set the user email as embed_user_id and embed_user_email |
| Auth0 | - Set the user id as embed_user_id - Set the user email as embed_user_email |