Bold BI embedding supports group-based authorization for OAuth 2.0 and OpenID providers. Using this support, you can configure and import your OAuth or OpenID groups into Bold BI server without users of the group. But every user from the group can access the dashboard from Bold BI.
Group-based authorization is most helpful, who feels and need not import and maintain their users information into other application due to security and redundancy.
While importing the group, users of that group has not imported into Bold BI server. Based on the group permission, users of group can access and embed the dashboards of Bold BI. As always, you can maintain your users in your provider and getting secured.
The best way to get started would be to read the following section of the documentation first, which gives enough information that you need to know before stepping into Bold BI embedding with group-based authorization.
Let us see the configuring settings for OAuth 2.0 and OpenID import, importing the group and providing access to that group.
For OAuth 2.0 connect support, you would need to configure the OAuth 2.0 in Bold BI server, follow these steps in the link.
The following are the list of few OAuth 2.0 providers and that explains how to connect with the Bold BI application.
For OpenID connect support, you would need to configure the OpenID in Bold BI server, follow these steps in the link.
The following are the list of few OpenID connect providers and that explains how to connect with the Bold BI application.
After configuring you providers, you need to import you group into Bold BI server, follow these respective link to import the groups.
Then, you need to provide access to your imported group. Follow these steps in the link, which permission helps to your users to access and embed the dashboard.
Now, you need to configure your authorization server to use the group-based authorization by adding the marked parameters in the embedQuery.
|embed_group_access||This parameter needs to set as true to enable the group-based authorization.|
|embed_auth_provider||This parameter value indicates, which auth provider you are using in embedding.
Following the values for different auth providers.
TenantOAuth – Set this, if you have configured OAuth in tenant level
TenantOpenID – Set this, if you have configured OpenID in tenant level
GlobalOAuth – Set this, if you have configured OAuth in global level
GlobalOpenID – Set this, if you have configured OpenID in global level
WindowsAD – Set this, if you have configured WindowsAD
AzureAD – Set this, if you have configured AzureAD
None – Set this, if you haven’t using any auth providers
|embed_user_id||Need to set your user id, which used in your provider for this user|
|embed_user_email||Need to set your user mail, which used in your provider for this user|
|embed_user_import||The default value is false, and the parameter is optional. This parameter needs to be set as true to enable the auto import of the user into Bold BI from an external group.|
NOTE: The previous UserID and UserEmail would be act as password for user of each provider in Bold BI.
NOTE: Use your UserID and UserEmail as followed in authorization server.
|Amazon Cognito||Set the user email as embed_user_id and embed_user_email|
- Set the user id as embed_user_id
- Set the user email as embed_user_email
In an embedding authorization action method, you can set the
embed_user_import attribute to true if you want to import the user from the external group while accessing the resource by group-based authorization.
NOTE: Currently, the user auto-import support is provided only for
The sample applications for ASP.NET Core, ASP.NET MVC, and Angular. You can get download from the following links and update your group access, auth provider, user id, and user email in the authorization server code block.