Security Settings
  • 18 May 2022

To update one or more Security settings:

  1. Click the Admin tab and, from the left-hand menu, click Security Settings.
  2. Update one or more of the following settings:
    • Session Management: You can choose which method to use for handling the expiration of your users' sessions: Cookie or Session Inactivity. For more information, see .
    • Embedded Domain White List: You can define which domains can embed your dashboards into iFrames on their site. This is useful for controlling where your dashboards can be embedded. In the Add Domain field, enter each domain where your dashboards can be embedded and click Add. If you don't add any domains, then your dashboards can be embedded into any site. After adding a domain, your dashboards can be embedded only in those domains.
    • Support Cross Site Cookies for Embedding: Select the value of the SameSite attribute that is added to cookies when accessing Sisense. Select None if you're embedding Sisense or have implemented Sisense JS. In addition, Sisense recommends that you enable SSL when you select None. For more information about SSL, see Setting Up SSL for Sisense Linux.
    • Number of failed login attempts before lockout: Enter the number of times a user can fail to log in before they're locked out of Sisense.
    • Lockout duration (minutes): Enter the number of minutes that a user is locked out of Sisense.
    • Allow only users in imported groups to log in: When connected to Active Directory, Sisense creates a new user for your Active Directory users when they try to log in. If you want to limit which Active Directory users can create an account, toggle this switch to enabled. Only users of a Sisense Active Directory group can create an account and log in.
    • Enable Access to File Management: Toggle ON or OFF to show or hide the File Management button at the top of the Admin > System Management page. For new installations, by default, this option is toggled OFF. If you've upgraded from a previous version of Sisense, this option is toggled ON. The best practice is to disable access to File Management so that only Admins can upload files to and edit files in your Sisense directories.
Important:

Only upload files from sources that you trust.

  3. Click Save to update your system settings.

Allowed Domains for Embedded Dashboards

If you are embedding a dashboard on your website, you can control which sites are allowed to embed it by adding allowed domains to a whitelist.

Allowed Domains enable you to limit where your embedded dashboards can be viewed, even if someone takes the embed code from your page.

When you add a domain to the whitelist, Sisense includes the domain in the X-Frame-Options header of the dashboard web page.

For example:

<add name="X-Frame-Options" value="ALLOW-FROM https://dashboardurl.com" />

Note:

If you are browsing with Internet Explorer, you do not need to fill in the Embedded Domain White List.

The header is not included by default. You can enable it from the Configuration Manager located at http://localhost:3030.

To add your domain to a white list:

  1. In the Admin page, select Security Settings.
  2. Under Security Settings, enter your domain and the port.
  3. Click Add.
  4. Click Save.

Content-Security-Policy

In Sisense V8.2.1 for Linux, following changes to the content-security-policy, the add-ons listed below did not work as expected because images and iFrames were not allowed.

To allow these add-ons to use images and iFrames, you need to modify the content-security-policy to allow domains where your resources are directed to. For example, if your resources such as an image were hosted on sisense.com, you would need to allow this domain so your Viewers could see the images in your add-on.

To modify the content-security-policy:

  1. Access the Configuration Manager.
  2. Expand the Content Security Policy section.
  3. Enable Custom Content Security Policy.
  4. In the Frames Domains and Images Domains fields, enter the domains that your iFrames and images point to so they can be used in your add-ons. You can use wildcards such as * to allow multiple or unknown domains. For more information about wildcards, see the Source List Reference.
  5. Click Save.
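
A header check covering the two sections above, as an added example (not Sisense code): it flags a response whose embedding whitelist relies on X-Frame-Options ALLOW-FROM, which current browsers ignore, and CSP source lists that use a bare wildcard. The header values are constructed, and the mapping of Frames Domains and Images Domains to the frame-src and img-src directives is an assumption.

```python
# Added example: audit the embedding-related headers of a dashboard response.
# All header values below are constructed samples, not captured from a server.
# Assumption: Frames Domains / Images Domains end up in frame-src / img-src.

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers):
    """Return (code, detail) findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    raw_xfo = h.get("x-frame-options", "").strip()
    xfo = raw_xfo.upper()
    csp = parse_csp(h.get("content-security-policy", ""))
    findings = []
    if xfo.startswith("ALLOW-FROM"):
        # ALLOW-FROM is obsolete; current browsers ignore a header that uses it.
        findings.append(("XFO_ALLOW_FROM_OBSOLETE", raw_xfo))
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append(("NO_EFFECTIVE_FRAMING_POLICY", "any site may frame this page"))
    for directive in ("frame-ancestors", "frame-src", "img-src"):
        for source in csp.get(directive, []):
            # A bare * or a scheme-only source matches every host.
            if source == "*" or source.lower() in ("http:", "https:"):
                findings.append(("BROAD_SOURCE", f"{directive} {source}"))
    return findings

WEAK = {  # constructed: whitelist via ALLOW-FROM plus a wildcard frame source
    "X-Frame-Options": "ALLOW-FROM https://dashboardurl.com",
    "Content-Security-Policy": "frame-src *; img-src https://sisense.com",
}
TIGHT = {  # constructed: same intent expressed with explicit origins
    "Content-Security-Policy": "frame-ancestors https://dashboardurl.com; "
                               "frame-src https://*.sisense.com; img-src https://sisense.com",
}

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("tight", TIGHT)):
        print(name, audit(sample))
```

Run it against the headers your own deployment returns after saving the settings, to confirm the whitelist is enforced by the browsers your viewers use.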
