Security Settings

To update one or more Security settings:

  1. Click Admin in the top menu, and then Settings on the left.
  2. Update one or more of the following settings:
    • Session Management : You can choose which method to use for handling the expiration of your users' sessions: Cookie or Session Inactivity. For more information, see User Sessions.
    • Embedded Domain White List: You can limit the list of domains, where you can embed your dashboards into iFrames (using EmbedSDK or just embedding in a frame). This is useful for controlling where your dashboards can be embedded. In the Add Domain field, enter each domain where your dashboards can be embedded and click Add. If you don't add any domains, then your dashboards can be embedded into any site. After adding a domain, your dashboards can be embedded only in those domains.
    • Support Cross Site Cookies for Embedding: Select the value of the attribute Same-Site that is added to cookies when accessing Sisense. You have to select None if you're embedding Sisense using SisenseJS, EmbedSDK or even embedding Sisense in a frame. Also you have to enable SSL when you select None.
    • Number of failed login attempts before lockout : Enter the number of times a user can fail to log in before they're locked out of Sisense .
    • Lockout duration (minutes) : Enter the number of minutes that a user is locked out of Sisense.
    • Allow only users in imported groups to log in : When connected to Active Directory, Sisense creates a new user for your Active Directory users when they try to log in. If you want to limit which Active Directory users can create an account, toggle this switch to enabled. Only users of a Sisense Active Directory group can create an account and log in.
  3. Click Save to update your system settings.

Allowed Domains for Embedded Dashboards

If you are embedding a dashboard on your website, you can control who can access the website by adding allowed domains to a whitelist.

Allowed Domains enable you to limit where your embedded dashboards can be viewed, even if someone takes the embed code from your page.

When you add a domain to the whitelist, Sisense includes the domain in the X-Frame Options header of the dashboard web page.

For example:

<add name=”X-Frame-Options” value=”ALLOW-FROM https://dashboardurl.com” />

Note:

If you are browsing with Internet Explorer, you do not need to fill in Embedded Domains White List.

The header is not included by default. You can enable it from the Configuration Manager located at http://localhost:3030.

To add your domain to a white list:

  1. In the Admin page, select Security Settings.
  2. Under Security Settings, enter your domain and the port.
  3. Click Add.
  4. Click Save.

.r.