Bold BI embedding supports group-based authorization for OAuth 2.0 and OpenID providers. With this support, you can configure and import your OAuth or OpenID groups into the Bold BI server without importing the users of those groups. Every user in an imported group can still access the dashboard from Bold BI.
Group-based authorization is most helpful for those who do not want to import and maintain their user information in another application, for reasons of security and redundancy.
When a group is imported, the users of that group are not imported into the Bold BI server. Based on the group's permissions, users of the group can access and embed Bold BI dashboards. As always, you can keep maintaining your users in your provider and stay secure.
The best way to get started is to read the following section of the documentation first, which gives the information you need before stepping into Bold BI embedding with group-based authorization.
Let us look at the configuration settings for OAuth 2.0 and OpenID import, importing the group, and providing access to that group.
For OAuth 2.0 connect support, you need to configure OAuth 2.0 in the Bold BI server. Follow the steps in the link.
The following is a list of a few OAuth 2.0 providers, with an explanation of how to connect each one with the Bold BI application.
For OpenID Connect support, you need to configure OpenID in the Bold BI server. Follow the steps in the link.
The following is a list of a few OpenID Connect providers, with an explanation of how to connect each one with the Bold BI application.
After configuring your providers, you need to import your groups into the Bold BI server. Follow the respective links to import the groups.
Then, you need to provide access to your imported group. Follow the steps in the link to grant the permissions that allow your users to access and embed the dashboard.
Now, you need to configure your authorization server to use the group-based authorization by adding the marked parameters in the embedQuery.
Parameter | Description |
---|---|
embed_group_access | Set this parameter to true to enable group-based authorization. |
embed_auth_provider | Indicates which auth provider you are using in embedding. Example: `embed_auth_provider=GlobalOAuth`. The values for the different auth providers are: TenantOAuth (OAuth is configured at the tenant level); TenantOpenID (OpenID is configured at the tenant level); GlobalOAuth (OAuth is configured at the global level); GlobalOpenID (OpenID is configured at the global level); WindowsAD (WindowsAD is configured); AzureAD (AzureAD is configured); None (you are not using any auth provider). |
embed_user_id | Set this to the user id that your provider uses for this user. |
embed_user_email | Set this to the user email that your provider uses for this user. |
embed_user_import | The default value is false, and the parameter is optional. Set this parameter to true to enable the auto import of the user into Bold BI from an external group. |
NOTE: The UserID and UserEmail above act as the password for the user of each provider in Bold BI.
Example: `&embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=1212121212&embed_user_email=user@domain.com`
NOTE: Use your UserID and UserEmail as follows in the authorization server.
Provider | Values to set |
---|---|
Amazon Cognito | Set the user email as embed_user_id and embed_user_email |
Auth0 | - Set the user id as embed_user_id - Set the user email as embed_user_email |
Okta | |
OneLogin | |
In an embedding authorization action method, you can set the `embed_user_import` attribute to true if you want to import the user from the external group while accessing the resource through group-based authorization.
Example: `&embed_group_access=true&embed_auth_provider=GlobalOAuth&embed_user_id=1212121212&embed_user_email=user@domain.com&embed_user_import=true`
NOTE: Currently, user auto-import support is provided only for Amazon Cognito and Azure AD configurations.
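The parameters above, appended on the authorization server side, as an added example that is not code from the Bold BI samples. `GroupAccessQuery`, `Append` and the `idpName` argument are hypothetical names; the example assumes the incoming embedQuery is untrusted and that the user id and email are read from the server-side sign-in.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: class, method and idpName are hypothetical names, not Bold BI API.
public static class GroupAccessQuery
{
    // embed_auth_provider values listed in the parameter table.
    static readonly HashSet<string> Providers = new HashSet<string>(StringComparer.Ordinal) {
        "TenantOAuth", "TenantOpenID", "GlobalOAuth", "GlobalOpenID", "WindowsAD", "AzureAD", "None" };
    // Parameters this helper sets; copies already present in the query are dropped.
    static readonly HashSet<string> Owned = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
        "embed_group_access", "embed_auth_provider", "embed_user_id",
        "embed_user_email", "embed_user_import" };

    // userId and userEmail must come from the validated server-side sign-in
    // (assumption: claims of the current user), never from the browser request,
    // because together they act as that user's password in Bold BI.
    public static string Append(string embedQuery, string authProvider, string idpName,
                                string userId, string userEmail, bool autoImport = false)
    {
        if (!Providers.Contains(authProvider))
            throw new ArgumentException("Unknown embed_auth_provider value.");
        bool cognito = string.Equals(idpName, "Amazon Cognito", StringComparison.OrdinalIgnoreCase);
        bool azureAd = string.Equals(idpName, "Azure AD", StringComparison.OrdinalIgnoreCase);
        if (cognito) userId = userEmail;   // Cognito: the email is used for both values
        foreach (var value in new[] { userId, userEmail })
            if (string.IsNullOrEmpty(value) ||
                value.Any(c => "&=#?%+".IndexOf(c) >= 0 || char.IsWhiteSpace(c) || char.IsControl(c)))
                throw new ArgumentException("User id or email is empty or would alter the query string.");
        // The page limits user auto-import to Amazon Cognito and Azure AD.
        if (autoImport && !(cognito || azureAd))
            throw new NotSupportedException("embed_user_import needs Amazon Cognito or Azure AD.");

        // Drop identity parameters that were already in the incoming query.
        var kept = (embedQuery ?? "").Split('&')
            .Where(p => p.Length > 0 && !Owned.Contains(p.Split('=')[0]));
        var query = string.Join("&", kept)
            + "&embed_group_access=true"
            + "&embed_auth_provider=" + authProvider
            + "&embed_user_id=" + userId
            + "&embed_user_email=" + userEmail;
        return autoImport ? query + "&embed_user_import=true" : query;
    }
}
```

Values are rejected rather than URL-encoded so that the result keeps the same form as the example query strings on this page.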
Sample applications are available for ASP.NET Core, ASP.NET MVC, and Angular. You can download them from the following links and update your group access, auth provider, user id, and user email in the authorization server code block.