SSO Token Questions
We are using the below REST API call to get the SSO token (for a specific client org) to embed the reports and dashboards in our application
"userName" : "email@example.com"
"noPassword" : "true"
I have a question regarding the token generated
1) When we are getting the SSO token, I am sending the login parameters with ENTRY as VIEWREPORT. Even when the token is generated to just view the report, I can still go ahead and view a dashboard. We want to make sure that we are giving the users just the required permissions. If a user needs access to view the dashboard and reports, do I have to generate the SSO token with separate entry points or is the login parameters not needed at all
We are using the admin account to generate the accesstoken and then use that access token to get the SSO token. Is the admin account enabling the user access for a particular client org in this case.
Can you please help with this?