# Access, Authentication & Security

When building applications with Sisense Components or APIs, your code will need to run in an authenticated context, so that Sisense can ensure your code only accesses content intended for a given user. Sisense has several ways to achieve this, for different use-cases, listed below.

# Single Sign-On

The most common way for external applications to utilize Sisense embedded Components or APIs is via SSO (Single Sign-On), which is a way for your application to pass the user identity to Sisense and seamlessly log your user into Sisense in the background, without an explicit authentication challenge. SSO enables Sisense to delegate authentication to your application's existing auth mechanism.

Sisense supports 3 common SSO protocols:

Read more about SSO in the Sisense Product Documentation.

# Anonymous/Stateless Token-based Access

In some cases, the named-user approach of SSO is not ideal, such as when sharing Sisense assets publicly with anonymous/unknown recipients, or when you need to embed Sisense assets in a read-only, volatile state, at scale. The Web Access Token (WAT) feature provides secure, scalable, and highly customizable view-only role access to Sisense assets, without the need to provide credentials or the use of cookies.

Read more about WAT in the Sisense Product Documentation.

# Security

When embedding or building with Sisense, you should also account for other security considerations such as CORS, CSRF and SSL. These are protocols and limitations that apply to web applications, intended to protect browser users by preventing various attacks. You can find documentation for setting up Sisense's behavior for each of these below.