iDashboards Products | Tips & Tricks

We have gotten some amazing feedback from our customers from our past users’ conferences. One theme we continued to hear, year over year, was the desire for more technical talk! It seems that our customers were hungry for more than just the basic tips and tricks. That’s why, for #iDashboards17, we took a cue from the cuisine of Austin, our host city, and categorized our sessions as Mild, Medium, and Hot! Jereme and Aaron, two of our tech geniuses, led one of our spiciest sessions ever: Advanced Integrations.

Many of these integrations are designed to make the user experience more seamless, while also protecting the integrity of the dashboards. This was certainly the case with SSO, or Single-Sign On. This means that users don’t need to enter in their password every time they want to access their dashboards. iDashboards has a number of options for SSO, though it’s off on default as a security measure. One of the most popular techniques is the URL based SSO. It’s incredibly easy to initiate:

  • Log into Admin
  • Click on System
  • Setting category – URL-Based SSO
  • Set the Value

The “value” is the parameter, or password, for that particular set of dashboards. It will actually live in the URL, looking much like:

Server/idashboards?ss=parametersforsinglesignon

However, since it’s visible to the end user, you’ll want to obfuscate the parameter so that only iDashboards can read it. This is a critical security step. Luckily, there’s an obfuscation tool built right into iDashboards that you can use to create secure URLs that people can’t simply guess.

Defining Different SSO Methods

  • Referer Check – This method restricts access to SSO logins based on originating website. This is particularly useful for public access dashboards, because if you click on this link from its page, it’ll work, but only from that page. This is useful because it prevents people from sharing dashboards.
  • Non-Expiring – Provide user a partially obfuscated URL to automatically login to iDashboards. This URL will work forever, so it’s technically the least secure of all the SSO methods.
  • Expiring – same as Non-Expiring, but added an expiration date and time to the URL parameters (also obfuscate). This means that access to the dashboard will go away once that date and time doesn’t match. We have users that will set URLs to expire nearly immediately!
  • Secret Key – This one is fun, because it’s double obfuscated! Secret key is obfuscated, then added to the Non-Expiring type URL, then that string is obfuscated. Very secure.
  • Password – same as Secret Key, but the “key” is the user’s iDashboards password

Regardless of the method, the purpose of the SSO is the same: to securely streamline the end-user experience, and make iDashboards easily accessible to the people you want, and protected from the people you don’t.

There are a few other advanced URL parameters that Jereme and Aaron shared with us. My favorite was the Autoloader, wherein you input a dashboard ID into the SSO URL, so that it’ll auto open upon clicking. This is particularly good for busy executives who need to see their important metrics right away. There is also Dynamic Group assignment, wherein you can change the user’s access to dashboards more nimbly. This is particularly beneficial for larger organizations that have more users than they’d want to manage on an individual basis.

Read next: The Beginner’s Guide to Dashboards and Data Security

Aaron then taught us about LDAP, which stands for Lightweight Directory Access Protocol, and functions very much the way it sounds. Our users love LDAP integration, because it requires almost no manual password management. LDAP brings iDashboards into the existing web atmosphere of your organization and unify multiple directories under one banner. This OSKAR article goes into great detail on how to set it up, but long story short – talk to your network administrator! Bind pattern in particular will require help from your network administrator, but we use a tool called jExplorer that can help you find that bind pattern before you get too lost in the weeds.

Why should you go through the trouble? User experience, of course, it paramount, but beyond that, LDAP allows for a far more secure situation. IIS even allows for 3rd party authentication methods such as SAML.

Finally, they shared some cool ways to filter data views based on the user. Combined with SSO, this creates a seamless experience for the user based on who they are and what their role is. There are two methods of user filtering in iDashboards:

  • User Macro – ${user} – Where you specify user via a SQL query, and filter the chart on the user
    • Pros: Very easy, as you don’t have to do any back end set up in iDashboards. Plus, if you have SSO, the user will never even know!
    • Cons: Since you’re filtering your data source, the data in the user name column has to correspond with the iDashboards username. Otherwise, might need to add the data into the data set.
  • Filter on User – Don’t need to use custom SQL, can just use a regular table
    • Create an additional table in the iDashboards repository database, links between department and
    • Must be called FV_USER_FILTER
    • Needs three columns – username, column_name, column_value

We had some great and very detailed questions from our more high-tech users, and even though it was the last session of the conference and highly technical, it was great to see such high engagement through the very end. That does it for us at the 2017 iDashboards Users Conference! Thanks for following #iDashboards17, and hopefully we’ll see you next year in New Orleans!

Alternative Text

Jennifer Horne Sr. Digital Marketing Coordinator @iDashboards

Jennifer Horne handles SEO, PPC, content and digital marketing for iDashboards. She has won multiple 30 Rock trivia competitions, makes a mean green curry, and loves living in Detroit.

Comments

Your email address will not be published. Required fields are marked *