Public and Private Embedding Looker Content in Web Application
This is going to be a series of articles on Embedding in Looker, starting from the very basics Embedding — Public, to eventually working on Private Embedding, then Embedding like Single-Sign-On (SSO) and Single-Sign-on (SSO) SDK Embedding which becomes gradually more complex. This is the first part of the series where I will be talking about public, and private embedding and how to embed the Looker content using these Embedding options. We will also talk about the pros and cons of both Embedding options.
Introduction :
Embedding is integrating external content into another website or Page. In Looker, we can embed Looks, Explore, and Dashboard content. With Looker, you can empower your users and customers to explore data embedded into an iframe in any HTML-formatted webpage, portal, or application. Looker in Google Cloud provides four Embedding options:
- Public Embedding.
- Private Embedding.
- Single-Sign-On (SSO) Embedding.
- Single-Sign-On (SSO) with Embed SDK.
The above three mentioned options allow you to create the iFrame depending on the level of user authentication. The iFrame by design is read-only and doesn’t allow editing or writing data.
Prerequisite:
To work with Embedding in Looker one should have exposure to integrating the frontend application with the backend. In Public Embedding, we need to have a Looker instance with Admin access. The Looker admin needs to enable the Public URLs option in the Data Policy Block Panel to make this option available for the users and also enable the Public Access for the Looks. In Private Embedding, we don’t require Looker admin access.
Public Embedding:
This is one of the least secure methods of Embedding the Looker Content. We can only Embed Look’s visualization or data table with these Embedding options. The Looker admin needs to enable the Public URLs option under the General > Settings > Data Policy > Public URLs -> Enabled to make this option available for the users. As described in the below snippet.
To share the Look with a broader audience. We need to enable public access on Looks which is need to be embedded. Once we enable public access, Looker provides a list of shortened, unguessable public URLs.
Step to Enable the Public Access for saved Look:
- Exit the Development Mode if already in.
- Ope the Look you want to share.
- Click on Gear menu -> Edit Settings -> Enable Public Access -> Click Save.
Once the public access for the Look or data table to be Embedded is enabled, after that, we can copy the required URL to be embedded and paste it into your iframe tag as described below.
<iframe src = "https://Looker_Host/public/looks/1"> </iframe>Private Embedding:
In this, we directly manage the iFrame tag to embed the looker content. With Private Embedding, we can embed the Looks, Dashboard, and Explore in the Frontend Web Application. The user logs into Looker separately from the host application. This option requires the user to log in to the Looker instance via the Looker UI. This means that the user will be subject to the Looker platform’s security settings. To generate the embedded URL we need the add the /embed/ at the right place in the URL.
Example:
Original URL Format : "https://Looker_Host/looks/3"
Embeded URL Format: "https://Looker_Host/embed/looks/3"As we can see in the above URL, the embedded URL is used in the iFrame tag as described below:
<iframe src="https://Looker_Host?allow_login_screen=true"
width="1500" height="700" frameborder="0">
</iframe>Note: If we add allow_login_screen=true to your embed URL it will display a login screen to users who haven’t logged in already. If you do not add this parameter, a 401 error will be displayed to users who are not already logged in.
One of the important points that need to consider when doing private embedding is that Looker enforces a same-origin policy for iframe content, which means that a page cannot be displayed in an iframe if the parent page domain name is different from the iframe page domain name. So in case of Private Embedding of Looker content in an iframe of a web page hosted by a non-Looker domain, you need to disable Same-Origin Protections for Looker Login Pages so that Looker can display the login page in the iframe and allow users to log into Looker as show in the below Disable Same Origin Policy Image or else you will get the CORS (Cross-Origin-Resource Sharing) error or the other way are you can refer the below article approach 2 to fix the CORS issue and embedded the Looker Content.
Session Length in Private Embedding : Users who are logged in and accessing privately embedded content are subject to the settings in the Sessions Admin panel, which determine how long they can stay logged in, if they can log in from multiple browsers, and if they will be logged out after a period of inactivity.
Conclusion:
In this article, we saw how we can generate Public and Private Embedding which can directly be used by iFrame in the Frontend Web Application. Public Embedding is easy to integrate into the Web Application but it is one of the most unsafe methods for Embedding. On the other hand, Private Embedding is safe but it doesn’t make sense if you want to share your Looks Content with the external user, the reason is Private Embedding asks for the login credentials that access is only with the internal employee working on the Looker Dashboard.
In the coming part of the series, we will focus on the Single-Sign-On (SSO) Embedding which is a more secure method than what we described here, we will also talk about its pros and cons when integrating the Looker Content with the Web Application.
References:
- https://cloud.google.com/looker/docs/publishing-looks-with-public-urls#public_embedding_with_iframe_tags
- https://cloud.google.com/looker/docs/publishing-looks-with-public-urls#look_settings
- https://cloud.google.com/looker/docs/admin-panel-platform-embed#same-origin_protections_for_looker_login_pages
- https://cloud.google.com/looker/docs/private-embedding
Hope you enjoyed this article and found it useful. You can reach me at LinkedIn.
