Security for Embedded Applications: Authentication
In this video, you’ll find out about the three “A”s of security and get an overview of the first “A”: authentication.
Authentication confirms that users are who they say they are. In an embedding scenario, however, the embedded application has to support the authentication standard of the parent application, and there are multiple standards. The most common is form-based authentication, which prompts the user for a username and password. So that users don’t have to log in more than once, embedding platforms should also support single sign-on, for which there are again multiple standards, including SAML, Kerberos, and X.509 client certificates.
My name is Olivier Meyer. I'm a Director of Product Management at Zoomdata, and my focus area is on embedding and integration with other applications.
The Three “A”s
So, when you're looking at the security requirements for an embedding scenario, I tend to think about security in terms of three “A”s. It's a good framework to keep things in mind. It's authentication, authorization and auditing. Those are the key components to having a secure, embedded BI platform.
The First A: Authentication
And so, when I think about authentication, for those who are not familiar, authentication is the mechanism by which I can verify that you are who you say you are or that I can trust someone else to tell you that for me. And once I've authenticated you, then I can let you into the application, and whatever permissions you have, I'm gonna allow you to go do those things, whether it's to view a dashboard or view a chart.
User Rights For Authentication: Who Are You?
But, the first step is to really know that you are who you say you are. Now, most people are familiar with what we call forms-based authentication. So, you've seen that as typing in your username and password on the web page. And that's great. That works well if it's a standalone application. But, when you're embedding, you don't typically want your users to have to type that in twice. They've already logged into your main application. They don't want to log in again to look at the report or dashboard.
Supporting Single Sign-On
So, what we look for in an embedded BI platform is one that supports what we call single sign-on so that your user can flow seamlessly from the parent application through to the embedded content without having to log in twice. And there are several standards that you should look for in terms of single sign-on support.
Single Sign-On Standards
So, there are several standards out there for single sign-on. The most popular are SAML, which we typically see for both enterprise scenarios and public-facing websites or applications; Kerberos, which is typically more for internal scenarios used within the enterprise; and you may run into something called X.509 client certificates. We tend to run into those in the older scenarios, so maybe the government or healthcare. I guess it's an older standard. But, the key thing is they all enable that user to move seamlessly through to the embedded content without having to log in twice.
Supporting Proprietary Authentication
We do once in a while run into companies that have implemented their own proprietary authentication mechanism. And so, it's important to make sure that the embedded BI platform you look at or the embedded analytics platform you look at has extensibility mechanisms that allow you to inject that proprietary or custom support for authentication.