Overview

Bold BI embedding supports group-based authorization for OAuth 2.0 and OpenID providers. With this support, you can configure and import your OAuth or OpenID groups into the Bold BI server without importing the users of the group. However, every user from the group can access the Bold BI dashboard.

Why group-based authorization

Group-based authorization is most helpful for those who do not want to import and manage their users’ information in other applications because of security and redundancy concerns.

When importing a group, the users of that group are not imported into the Bold BI server. Based on the group permissions, users of the group can access and embed the dashboards of Bold BI. You can continue to maintain your users in your provider and keep them secure.

How to embed with group-based authorization

To get started, first read the following section of the documentation, which covers what you need to know before using Bold BI embedding with group-based authorization.

Let’s take a look at the configuration settings for Azure AD, OAuth 2.0 and OpenID import, importing the group, and granting access to that group.

  1. For Azure AD support, configure Azure AD in the Bold BI server by following the steps provided in the link.

    The following link explains how to connect with the Bold BI application.

  2. To have support for OAuth 2.0 connect, you will need to configure OAuth 2.0 in the Bold BI server. Please follow the steps provided in the link.

    The following is a list of a few OAuth 2.0 providers, and it explains how to connect with the Bold BI application.

  3. For OpenID Connect support, configure OpenID in the Bold BI server by following the steps provided in the link.

    The following is a list of a few OAuth 2.0 providers, and it explains how to connect with the Bold BI application.

  4. After configuring your providers, you need to import your group into the Bold BI server. Follow these respective links to import the groups.

  5. Then, you need to provide access to your imported group. Follow these steps in the link, which will help your users to access and embed the dashboard.

  6. Now, you need to configure your authorization server to use group-based authorization by adding the marked parameters in the embedQuery.

    Parameter             Description
    embed_group_access    Set this parameter to true to enable group-based authorization.
    embed_auth_provider   Indicates which auth provider you are using in embedding.
                          Example: embed_auth_provider=GlobalOAuth

                          The values for the different auth providers are:
                          AzureAD – Set this if you have configured AzureAD
                          TenantOAuth – Set this if you have configured OAuth at the tenant level
                          TenantOpenID – Set this if you have configured OpenID at the tenant level
                          GlobalOAuth – Set this if you have configured OAuth at the global level
                          GlobalOpenID – Set this if you have configured OpenID at the global level
                          WindowsAD – Set this if you have configured WindowsAD
                          None – Set this if you aren’t using any auth providers
    embed_user_id         Set this to the user ID that is used in your provider for this user.
    embed_user_email      Set this to the user email that is used in your provider for this user.
    embed_user_import     Optional; the default value is false. Set this parameter to true to enable the auto import of the user into Bold BI from an external group.

    NOTE: The UserID and UserEmail above act as the password for users of each provider in Bold BI.

    Example:

    For GlobalOAuth:

    &embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=1212121212&embed_user_email=user@domain.com

    [Figure: Group Based Authorization for GlobalOAuth]

    For GlobalOpenID:

    &embed_group_access=true&embed_auth_provider=GlobalOpenID&embed_user_id=auth0|5dbc1ac0835a7c0e18724875&embed_user_email=user@domain.com

    [Figure: Group Based Authorization for GlobalOpenID]

    For Azure AD:

    &embed_group_access=true&embed_auth_provider=AzureAD&embed_user_id=cda791a1-3dec-4e52-a70c-38323aafe256&embed_user_email=user@domain.com

    [Figure: Group Based Authorization for Azure AD]

    NOTE: Please use your UserID and UserEmail as follows in the authorization server.

    Amazon Cognito
    - Set the user email as embed_user_id and embed_user_email
    Auth0
    - Set the user id as embed_user_id
    - Set the user email as embed_user_email
    Okta
    OneLogin

Enabling user import with group-based authorization

In an embedding authorization action method, you can set the embed_user_import attribute to true if you want to import the user from the external group while accessing the resource through group-based authorization.

Example: &embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=1212121212&embed_user_email=user@domain.com&embed_user_import=true

[Figure: Group Based Authorization]

NOTE: Currently, the user auto-import support is only provided for Amazon Cognito and Azure AD configurations.
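Because the user ID and user email act as the password, the authorization server is the only place these parameters should be set. The following is an added example, not code from the Bold BI samples: a hypothetical Node.js helper (`appendGroupAuth`, `assertSafeValue` and the `identity` object are assumed names) that appends the parameters from step 6 and the optional `embed_user_import`, taking the identity from the server-side session and assuming the incoming `embedQuery` is untrusted.

```javascript
// Added example (hypothetical helper, not Bold BI sample code).
// Parameter names and provider values are the ones listed on this page.
const PROVIDERS = new Set([
  "AzureAD", "TenantOAuth", "TenantOpenID",
  "GlobalOAuth", "GlobalOpenID", "WindowsAD", "None",
]);
const IDENTITY_PARAMS = [
  "embed_group_access", "embed_auth_provider",
  "embed_user_id", "embed_user_email", "embed_user_import",
];

// Reject anything that could start a new parameter once appended.
function assertSafeValue(name, value) {
  if (typeof value !== "string" || value.length === 0) {
    throw new Error(`${name} is required`);
  }
  if (/[&=#?%\s]/.test(value)) {
    throw new Error(`${name} contains a query delimiter`);
  }
}

// embedQuery: query string received with the request (assumed untrusted).
// identity: taken from the server-side session, never from the request.
function appendGroupAuth(embedQuery, identity) {
  const { provider, userId, userEmail, importUser = false } = identity;
  if (!PROVIDERS.has(provider)) {
    throw new Error(`unknown embed_auth_provider: ${provider}`);
  }
  assertSafeValue("embed_user_id", userId);
  assertSafeValue("embed_user_email", userEmail);

  // The caller must not be able to pre-set the identity parameters.
  const present = embedQuery.split("&").map((p) => p.split("=")[0].toLowerCase());
  const clash = IDENTITY_PARAMS.find((p) => present.includes(p));
  if (clash) throw new Error(`${clash} already present in embedQuery`);

  let out = embedQuery +
    "&embed_group_access=true" +
    `&embed_auth_provider=${provider}` +
    `&embed_user_id=${userId}` +
    `&embed_user_email=${userEmail}`;
  if (importUser === true) out += "&embed_user_import=true";
  return out;
}
```

Called with an empty `embedQuery`, the helper returns exactly the example strings shown on this page; values containing `&`, `=`, `#`, `?`, `%` or whitespace are rejected rather than rewritten.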

The sample applications for ASP.NET Core, ASP.NET MVC, and Angular can be downloaded from the following links. Once downloaded, you can update your group access, authentication provider, user id, and user email in the authorization server code block.