Access, Authentication & Security

When building applications with Sisense Components or APIs, your code will need to run in an authenticated context, so that Sisense can ensure your code only accesses content intended for a given user. Sisense has several ways to achieve this, for different use-cases, listed below.

Single Sign-On

The most common way for external applications to utilize Sisense embedded Components or APIs is via SSO (Single Sign-On), which is a way for your application to pass the user identity to Sisense and seamlessly log your user into Sisense in the background, without an explicit authentication challenge. SSO enables Sisense to delegate authentication to your application's existing auth mechanism.

Sisense supports 3 common SSO protocols:

JSON Web Token (JWT)

JSON Web Tokens are an open, industry standard method for representing claims securely between two parties, and allow a high degree of flexibility in implementing

SAML 2.0

Security Assertion Markup Language 2.0 (SAML 2.0) is an XML-based protocol for exchanging authentication and authorization identities between security domains, and is commonly used with enterprise Identity Providers (IDPs).

OpenID Connect (OIDC)

OIDC is a JSON-based authentication layer on top of the OAuth 2.0 authorization framework.

Read more about SSO in the Sisense Product Documentation (opens new window).

Anonymous/Stateless Token-based Access

In some cases, the named-user approach of SSO is not ideal, such as when sharing Sisense assets publicly with anonymous/unknown recipients, or when you need to embed Sisense assets in a read-only, volatile state, at scale. The Web Access Token (WAT) feature provides secure, scalable, and highly customizable view-only role access to Sisense assets, without the need to provide credentials or the use of cookies.

Web Access Token

WAT is a cookie-less token based method of providing stateless and read-only access to Sisense assets.

Read more about WAT in the Sisense Product Documentation (opens new window)

Security

When embedding or building with Sisense, other security considerations such as CORS, CSRF and SSL should be considered - these are protocols and limitations that apply to web applications, intended to ensure the security of browser users by preventing various attacks. You can find documentation for setting up Sisense's behavior for each of these below.

Cross-Site Request Forgery (CSRF)

Enable CSRF to prevent unauthorized actions taken on behalf of a user that the web application trusts.

Cross-Origin Resource Sharing (CORS)

Use CORS to enable HTTP requests between different origins despite the browser's Same-Origin policy, which typically prevents cross-origin access.

SSL & 3rd Party Cookies

Setup SSL (and additional configurations) to make sure embedded applications work on newer browsers that have implemented stricter cookie policies.

Sisense Security Settings

Depending on your use case, you may require the configuration of additional security settings.