Embedding and Single Sign-On

You can embed reports and dashboards in other applications using a single sign-on (SSO) mechanism. Your application authenticates the user with its own authentication mechanism, then requests an authentication token that lets the user access embedded Birst reports and dashboards, for example, in an HTML iframe.

The authentication token is opaque, single use, and has a limited lifetime. All requests (token request, embedding) can be IP restricted on a per-user basis if required. With this approach, there is no need for Birst to call back to your authentication system to validate credentials or for Birst and your system to synchronize credentials.

Note: The code for SSO must run on the server side, not on the client side.

Embedding is a two-step process. Birst first needs an SSL-encrypted POST to pass the initial credentials (the HTTPS POST to the token generator); after that, the reports and dashboards can be accessed safely. You only have to pass the birst.SSOToken in the initial request. From then on, the session is established and the user has been authenticated, so the remaining requests pass information via a session-specific cookie (handled transparently by the browser).
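The two steps as a server-side sketch. This is an added example, not Birst's own code. The host is a placeholder, and the endpoint paths and every parameter name except birst.SSOToken are assumptions to confirm against your Birst documentation.

```python
import html
import urllib.parse
import urllib.request

# Assumptions (not from this page): placeholder host, endpoint paths, and the
# credential parameter names. Only birst.SSOToken is named on the page.
BIRST_BASE = "https://birst.example.com"
TOKEN_PATH = "/TokenGenerator.aspx"
SSO_PATH = "/SSO.aspx"

def _https_post(url, body):
    """Default transport: a plain HTTPS POST with certificate checks left on."""
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def request_sso_token(username, sso_password, space_id, post=None):
    """Step 1, server side only: POST the credentials to the token generator."""
    if not BIRST_BASE.startswith("https://"):
        raise ValueError("token request must go over HTTPS")
    body = urllib.parse.urlencode({
        "birst.username": username,
        "birst.ssopassword": sso_password,
        "birst.spaceId": space_id,
    }).encode()
    token = (post or _https_post)(BIRST_BASE + TOKEN_PATH, body).strip()
    # The token is opaque: check only that something token-shaped came back.
    if not token or "<" in token or any(c.isspace() for c in token):
        raise RuntimeError("token generator did not return a token")
    return token

def iframe_html(token):
    """Step 2: birst.SSOToken goes in the initial request only; the cookie takes over."""
    src = BIRST_BASE + SSO_PATH + "?" + urllib.parse.urlencode({"birst.SSOToken": token})
    return f'<iframe src="{html.escape(src, quote=True)}" width="100%" height="600"></iframe>'

def render_embed(username, sso_password, space_id, post=None):
    # Single-use, short-lived token: request a fresh one per page render, never cache it.
    return iframe_html(request_sso_token(username, sso_password, space_id, post))
```

Only the token reaches the browser; the SSO password stays in the server-to-server POST, which is why this code cannot run on the client side.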

Note: Cookies and JavaScript must be enabled on the client browser for Birst to function.