SSO Token Questions
Hey Team
We are using the below REST API call to get the SSO token (for a specific client org) to embed the reports and dashboards in our application
REST API : https://developers.yellowfinbi.com/api/login-tokens
{
"signOnUser": {
"userName" : "test@g.com"
},
"loginParameters": [
"YFTOOLBAR=FALSE",
"ENTRY=VIEWREPORT",
"REPORTUUID=de8b1d75-e6d2-4413-bc08-e25721d9ed89"
],
"noPassword" : "true"
}
I have a question regarding the token generated
1) When we are getting the SSO token, I am sending the login parameters with ENTRY as VIEWREPORT. Even when the token is generated to just view the report, I can still go ahead and view a dashboard. We want to make sure that we are giving the users just the required permissions. If a user needs access to view the dashboard and reports, do I have to generate the SSO token with separate entry points or is the login parameters not needed at all
We are using the admin account to generate the accesstoken and then use that access token to get the SSO token. Is the admin account enabling the user access for a particular client org in this case.
Can you please help with this?
Regards
Cathy James
Hi Cathy,
Thank you for reaching out to us on this. An SSO token creates a user login session, allowing them access to all Yellowfin content they have been permitted. The ENTRY parameter only sets the default entry point (ie the first item a user is directed to after login). With this in mind, if you want a user to be able to view all content then you are on the right track and you can ignore the login parameters if you wish.
Please let me know if this makes sense and if you have any further questions.
Cheers,
Neal
Hi Cathy,
Thank you for reaching out to us on this. An SSO token creates a user login session, allowing them access to all Yellowfin content they have been permitted. The ENTRY parameter only sets the default entry point (ie the first item a user is directed to after login). With this in mind, if you want a user to be able to view all content then you are on the right track and you can ignore the login parameters if you wish.
Please let me know if this makes sense and if you have any further questions.
Cheers,
Neal
Replies have been locked on this page!