The Embedded Analytics Platform provides functionality that ensures seamless and secure access between the Web UI and the embedded external analytics tool. This functionality includes single sign-on (SSO) from STEP, user replication between STEP and the embedded external analytics tool, and automatic authentication.
If single sign-on to EAP is enabled in STEP, and user replication between STEP and EAP is also enabled, then STEP users will automatically be replicated in EAP. When a user logs into the Web UI for the first time, their user is created in the default EAP group automatically. The default Group Name is defined in the sharedconfig.properties. Additionally, any group membership in STEP for a user is replicated to EAP if the Group ID in STEP matches as a group name in EAP. Groups are set up in EAP independently from STEP, where EAP permissions can be applied. The user replication method allows for easy management of row-level and object-level security in EAP.
Note: Only the immediate parent group of a STEP user is taken into consideration when the user is replicated between STEP and EAP (Sisense). For example, Group1 in STEP contains SubGroup1, and the STEP user is assigned to both. In this instance, only SubGroup1 is considered. The user is replicated to SubGroup1 in EAP, if SubGroup1 exists, and also replicated to the default EAP group.
Configuration Properties
The following configuration properties must be set for SSO, user creation and replication, and authentication to function correctly. The following tables lists these configuration properties and their descriptions.
Note: All of these properties will be added to your system by Stibo Technical Services upon installation of the EAP solution. For more information, contact your Stibo Systems account manager or partner manager.
|
Configuration Property |
Description |
|---|---|
EmbeddedAnalyticsPlatform.BaseUrl |
Base URL to the EAP server instance and all associated dashboards, widgets, API requests, and JWT login, e.g., https://YourEAPServer.com |
EmbeddedAnalyticsPlatform.UseJWT |
Default value is true. Determines whether to use a JSON Web Token (JWT) for authentication when signing into the EAP server. If set to false, users will not be authenticated via STEP functionality. |
EmbeddedAnalyticsPlatform.UserAndGroupMirror.Enabled |
Controls if EAP should replicate STEP users and STEP group memberships with Sisense. If disabled, EAP will not update the user information and group membership in Sisense. Only applicable if EmbeddedAnalyticsPlatform.UseJWT=true. |
EmbeddedAnalyticsPlatform.UserAndGroupMirror.DefaultGroup |
The name of the default EAP (Sisense) group to which STEP users will be added. If the group does not exist in Sisense, a warning will be written to the step.0.log. Only applicable if EmbeddedAnalyticsPlatform.UserAndGroupMirror.Enabled=true. |
EmbeddedAnalyticsPlatform.SharedSecretKey |
The Shared Secret obtained from the external embedded analytics Admin Single Sign On configuration page. |
EmbeddedAnalyticsPlatform.Admin.Username |
Name of STEP user that will access EAP as an admin. Only applicable if EmbeddedAnalyticsPlatform.UseJWT=true. |
EmbeddedAnalyticsPlatform.Admin.Password |
Password of STEP user that will access EAP as an admin. |