I see the ability to generate a embed code that can be used in a web page.
Is that only to be used within a Losant experience, or could one of the dashboards be embedded in , let’s say, one of our customers web site.
If so, what authentication methods are available?
Hi @Lars_Andersson,
The documentation for embedding blocks can be found here, and are recommended for use in other sites. Currently no authentication is supported unless the dashboard is password-protected.
Thanks!
Julia
I did read through that, but I wasn’t sure if external sites still meant a site living within the Losant platform or someone elses.
In my current case I have a customer that want’s to embed some om my Losant dashboard within their own site. I still want some control who can get to it though. I did a test with a dashboard that is currently set to public access, but it still asks for Losant password (Not experience password) when embedded in a web page.
It’s this dashboard 5dbb013a1ba3f50006258c72
1 Like
Hi @Lars_Andersson,
I checked this out and was able to determine that the login page you are seeing is due to the dashboard being set to “private.” The embed code is for users who want to display a full Losant dashboard on a third-party website, and to use it, the dashboard must be public.
The concern for many with a public dashboard is the visualization of sensitive information by unauthorized users. I would recommend either cloning your dashboard and removing any sensitive data or embedding non-sensitive single blocks into the external website. Also, keep in mind that the Dashboard List Block and Application List Block will not display data when embedded, regardless of access.
I am going to look around for some other options, but in the meantime, I believe I would benefit from hearing your use case. Is the data to be displayed sensitive or personal? Since a public dashboard can be accessed through a direct link (showing a non-editable, read-only dashboard), would there be a security risk for sensitive data if someone accessed the dashboard this way?
Thanks!
Julia
It’s set to public according to the setting for that dashboard, so I’m not sure how you determine it’s private.
Further info: the data is not personal, but could be sensitive for our customers competitor, so I definitely need to have some control on who sees what.
Hi @Lars_Andersson,
I did double check this dashboard and it does appear to be set to public, my apologies! The current recommendation for displaying sensitive data within a 3rd party website would be to set the dashboard to password-protected, this way, there is still control over who can access the data.
Thanks!
Julia
How should that password be passed along from their site?
By setting a header?
any further info here?
Hi Lars,
Could you clarify this question? Are you hoping to have the dashboard displayed after logging in on a 3rd party website?
Thanks,
Julia
Yes, so if they are logged on to that third party website, it would be nice if their application could pass along the password needed, so they wouldn’t also have to log in to the dashboard I’m serving up.
I’m hoping to have some context variables too for this dashboard, so it can handle several devices.
Can that be passed along in a header or some other way?
It’s just for a demo right now.