Security | Sisense Community

Community Feedback
Chapters
Events
Forums
Blogs
KB Docs
Support
Learning
Use Case Gallery

Categories

MoreDiscussions

Security | Sisense Community

Knowledge Base Docs

Security

Created Apr 15, 2026

1 member

10 discussions

Security
Configuring embedded domain whitelist and CORS allowed origins in Sisense [Linux]
Step-by-Step Guide Step 1: Navigate to security settings Log in to Sisense as an administrator. Go to Admin Tab → Security & Access → Security Settings. Step 2: Configure Embedded Domain Whitelist The Embedded Domain Whitelist controls which external origins are allowed to embed Sisense content via the browser-enforced header: Content-Security-Policy: frame-ancestors Only origins listed here are permitted to load Sisense content inside an iframe. If the list is empty, any origin is allowed. Supported syntax Each entry must be a valid origin or wildcard domain: https://example.com https://app.example.com *.example.com Invalid entries include: Standalone * Paths or query parameters Trailing slashes Protocol-prefixed wildcards ( for example, https://*.example.com ) Wildcard behavior Wildcards are supported only as part of the host *.example.com allows all subdomains of example.com The apex domain ( example.com ) is not included unless explicitly added Wildcards are not regular expressions and cannot span multiple domain levels Step 3: Configure CORS Allowed Origins The CORS Allowed Origins setting controls browser access to Sisense REST APIs by configuring CORS response headers, primarily: Access-Control-Allow-Origin This setting applies only to browser-based HTTP requests and does not affect iframe rendering. If the list is empty, no requests are allowed. Supported syntax Valid entries include: https://example.com http://localhost:4200 *.example.com * Invalid entries include: Paths or query parameters Partial domain wildcards (for example, example.* ) Wildcard behavior *.example.com allows API access from all subdomains * allows all origins, subject to browser CORS restrictions When credentials are used, browser CORS rules may restrict the effective use of * Step 4: Understand evaluation timing Embedded Domain Whitelist is evaluated by the browser when the iframe is created, via Content-Security-Policy: frame-ancestors CORS Allowed Origins is evaluated during API requests and preflight ( OPTIONS ) checks The two settings operate independently and serve different browser security layers Conclusion The Embedded Domain Whitelist controls iframe embedding through the CSP frame-ancestors directive, while CORS Allowed Origins governs browser API access using CORS headers. Correct syntax and wildcard usage are critical, as browsers enforce these rules before Sisense application logic is reached. References / Related Content Mozilla Developer Network: Content-Security-Policy – frame-ancestors https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/frame-ancestors Mozilla Developer Network: Access-Control-Allow-Origin https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin Mozilla Developer Network: Cross-Origin Resource Sharing (CORS) https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS W3C Content Security Policy Level 3 Specification https://www.w3.org/TR/CSP3/#directive-frame-ancestors
Taras SkvarkoPosted 4 months ago
0
Security
Redirect URL in SSO callback [Linux]
Background During the SSO flow, multiple redirects may occur to authenticate the user: [Sisense page] → [Sisense SSO endpoint] [Sisense SSO login endpoint] → [Login URL of the SSO provider] [Login URL of the SSO provider] → [Sisense SSO callback] [Sisense SSO callback endpoint] → [Initially requested Sisense resource] To remember the initial request of the user and redirect them back to the requested resource after the SSO login is finished, Sisense sends a query-string parameter (such as "return_to") in each of the subsequent redirects. Redirection example Example of redirects during SSO login flow: https://my.sisense.com/app → https://my.sisense.com/openid?return_to=http%3A%2F%2Fmy.sisense.com%2Fapp → https://sso.provider.com/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=Sisense&redirect_uri=http%3A%2F%2F10.50.69.85%3A30845%2Fopenid_callback&scope=openid%20email&nonce=8ac003e7-020c-413e-9848-bc1166f7c966&state=Ttqg%2FeG%2B2iZWp9%2Bp8tbe0dSZ → https://my.sisense.com/openid_callback?state=Ttqg%2FeG%2B2iZWp9%2Bp8tbe0dSZ&session_state=3d07352e-d3ef-4b78-9b83-5801ce92a265&code=81110e04-2aae-4dce-bcaa-2ad511f23f76.3d07352e-d3ef-4b78-9b83-5801ce92a265.4e2b1b4c-b52e-4e47-9634-ae9eb6fd1aae → https://my.sisense.com/app Where https://my.sisense.com - the address of your Sisense website https://sso.provider.com - the address of your SSO provider Default behaviour By default, Sisense does not apply any restrictions to the "return_to" parameter. As a result, user can be redirected to external domains once the SSO authentication is finished. For example: https://my.sisense.com/openid?return_to=http://external.com We strongly recommend limiting these redirection domains only to the trusted websites (Sisense domain, embedding domains, SSO portal page, etc). Configuration options Note: These options are available in the Sisense Linux version since L2021.3. Sisense can be configured to restrict target domains passed in the query string parameters during SSO flow (such as "return_to"). To do so: Send API v0.9 POST /settings/sso request with the following payload: {"newReturnToValidationBehavior": true} Refresh the Sisense page. Navigate to the [Admin] tab → [Security Settings]. You will now see an additional [Allowed Target URLs] section. Add whitelisted target URLs (make sure to include the Sisense URL) and save the changes. Service restarts are not required. Important. If the Allowed Target URLs list remains empty, all domains will be allowed for the redirect. Forbidden domains If the target URL is not in the allowed list, the redirect will be blocked, and the user will see a Forbidden message on the SSO callback page: Conclusion: Sisense’s SSO flow uses a "return_to" parameter for redirects, which by default allows any domain. Since Linux version L2021.3, admins can restrict allowed redirect domains via API and security settings. If a redirect target isn’t whitelisted, Sisense blocks it and shows a Forbidden message. No service restart is needed. Disclaimer: This post outlines a potential custom workaround for a specific use case or provides instructions regarding a specific task. The solution may not work in all scenarios or Sisense versions, so we strongly recommend testing it in your environment before deployment. If you need further assistance with this, please let us know.
Andrii LohvinPosted 4 months ago
0
Security
Automatically Copy Data Security Rules Between Data Models (including Elasticube to Live and Live to Elasticube)
Overview Managing data access consistently across multiple data models can be time-consuming and error-prone, especially with complex row-level security (RLS) configurations. This article provides a script and step-by-step instructions to automate copying data security rules from one model to another within the same environment. It helps ensure security alignment while reducing manual work. The script copies both the RLS rules and scopes, and works for every possible combination of source and target data model types: Elasticube to Live model Live model to Elasticube Elasticube to another Elasticube Live model to another Live model This script utilizes Sisense REST API. Requirements The names of the table(s) and column(s) used for data security in the source and target data models must match. Admin access to server. The Custom Code feature has to be enabled. To simplify the implementation, this script can be viewed and executed on the Sisense server's Custom Code's Jupyter notebook, so you don't have to install Python on your own computer. To enable Custom Code, go to the Admin tab > Feature Management > Advanced Analytics section > toggle on Custom Code . Limitations This script does not merge RLS rules. All existing RLS rules will be deleted from the target data model before the RLS rules from the source data model are copied. Sisense doesn't currently have a built-in validation logic for table and column names when creating RLS rules via API. The script does not validate these either during the copy process. Ensure security table and column names match between the source and target data models. Refer to the Requirements section above. This limitation may be addressed in a future version of this script. The script only supports one target data model at a time. This limitation may be addressed in a future version of this script. Instructions 1. Download the CopyDataSecurityRules_v1 Script Download the script here and unzip it. The file is also attached at the bottom of this article. 2. Upload the Script to Your Server Upload the script to this location: /opt/ sisense /storage/ notebooks/ . You can also use any of the existing subfolders or create a new subfolder in this location, if needed. The easiest way to upload files to your Sisense server is to use the File Management feature. In the file browser UI, open the notebooks folder, then click the Upload (Up arrow) icon at the top right corner. Click File, then select the CopyDataSecurityRules_v1 file. 3. Open the Script in Jupyter. To open the Jupyter notebook, use this direct URL: https: / / YourSisenseServerAddress /app /diag/notebooks /work/storage _notebooks/ CopyDataSecurityRules _v1.ipynb If you opted to upload the script in a subfolder, the direct URL should look like this: https: / / YourSisenseServerAddress /app /diag/notebooks /work/storage _notebooks/ subFolderName / CopyDataSecurityRules _v1.ipynb 4. Configure the Script Once the notebook is open, update the first cell and specify the below configuration variables. This is the only cell that needs your input. source_datamodel_type : the type of the source data model you're copying the RLS from. The value should either be "cube" or "live". target_datamodel_type : the type of the target data model you're copying the RLS to. The value should either be "cube" or "live". source_datamodel_name : the name of the source data model. target_datamodel_name : the name of the target data model. batch_size = 100 : the number of RLS rules to copy at a time. The script copies RLS rules in batches due to possible API limits (most relevant if you have a large number of RLS rules). This does not mean you need to run the script multiple times. Validations are in place to ensure: The source and target types are either "cube" or "live". The source and target data models exist in the server. The types of the source and target data models match the specified types. The batch size is a non-zero, positive integer. The script will throw a descriptive error message if any of the validations above fail. Here is an example of the configurations: # Specify the source and target model types and names source_datamodel_type = 'cube' target_datamodel_type = 'live' source_datamodel_name = 'Sample Insurance - Elasticube' target_datamodel_name = 'Sample Insurance - Live' batch_size = 100 # Define batch size 5. Run the Script Once you have specified the configuration values, run the script by opening the Run menu, then selecting Run All Cells . [ ALT Text: Jupyter Notebook interface showing a "Run" menu expanded, highlighting the "Run All Cells" option in red. Coding cells are visible below.] Monitor the progress at the bottom of the notebook. A completed log should look like this: [A LT Text: Text log showing the process of updating a database model. It details the deletion of existing rules and successful copying of 650 data security rules in 7 batches.]
Tri AnthonyPosted 1 year ago
0
Security
Row-Level Security Implementation Using OR Operator Across Multiple Dimensions
Row-Level Security Implementation Using OR Operator Across Multiple Dimensions Overview In Sisense, the Data Access Security , allows Admins to restrict the data access for Users and Groups, in row granularity. In many cases, customers restrict the data to multiple dimensions. For Example: Restriction on Country Restriction on User When applying data security across two different dimensions, the security rules are enforced using an 'AND' operator between the dimensions. In many cases, customers are looking for the ability to use the Data Security feature with an 'OR' operator between two or more dimensions, a functionality that is not supported natively. Example Use Case A Manager of a Country, testsecurity@sisense.com in our example, needs access to information related to his country, including details on both sales and manufacturing activities within that Country. User Permissions Country Restriction - CHINA Security Apply on Manufacture Country = 'CHINA' and Sales Country = 'CHINA' with 'OR' condition Between the two dimensions User Output example on fact_transactions using OR condition User testsecurity@sisense.com access should be for transactions: [1,5,8,13,16,20] User output example on fact_transactions using AND condition (current Sisense Configuration) While Applying Data Security over the 2 dimensions for User testsecurity@sisense.com as the following: dim_manufacture_country.Country = 'CHINA' dim_sales_country = 'CHINA' the Restriction will allow the user the access for records: [1,20] Data Model Tables and relations the list of tables which created for the use case dim_employee - list of all employees dim_sales_country - list of all sales country dim_manufacture_country - list of all manufacture country fact_transactions - transaction data fact_orders - orders data Table Relations Basic Solution In general, it is recommended to apply data security to a single dimension rather than using multiple tables. Implementation Steps Step 1 - Create a surrogate key In each of the fact tables (or tables that require to have the restriction), Create a surrogate key as the additional column, in the following format: Note - Make sure that the Values in the Surrogate key are not Null [manufacture_country] + '_' + [sales_country] Table Output Step 2 - Create a Unique security key table The Security key table is a combination of all possible keys from all fact tables; see the example: select distinct fo.security_key from [fact_orders] fo union select distinct ft.[security_key] from [fact_transactions] ft Use Union instead of Union ALL to remove the duplication of the security_key to keep it as the primary key Step 3 - Create the relationship Create the relationships between the fact table/s and the security table on the security_key column Step 4 - Assign the Data Security Member by user/group In the Data model page, Click on the Options Click on Data Security Select security_key column from the security_key table Select the User / Group Select the relative Members for the Country Assign all the related Keys Step 5 - Create a dashboard for the validation create a pivot table and select the relative columns check the results - should return all the records of China for manufacture and sales country Advance Solution The advanced solution is more scalable, easier to understand and debug, and can improve the dashboard load time (in case the amount of members in the data security is high). Step 1 - Create a surrogate key In each of the fact tables (or tables that require to have the restriction), Create a surrogate key as an additional column, in the following format: Note - Make sure that the Values in the Surrogate key are not Null [manufacture_country] + '_' + [sales_country] Table Output Note - best practice is to create the column directly in the source data base Step 2 - Create a security key table The Security key table is the combination of all possible keys from all fact tables, see the example: select distinct fo.security_key from [fact_orders] fo union select distinct ft.[security_key] from [fact_transactions] ft Use Union instead of Union ALL to remove the duplication of the security_key in order to keep it as the primary key Step 3 - Create a Security Table and Store the Members on the User Level implementation prerequisites On the Customer level (Source Data Base), it is to maintain the table according to the security rules for each user The Security keys will be assigned to each user according to his permissions The Members per user will be Unique the table will be added to the data model and the security will apply to that table Implementation Example Create the Users_scope table Permissions, for example: testsecurity@sisense.com allows one to see CHINA country User: User to apply the security on Scope: The Dimension/s Value: The Security info that the security_keys are assigned to Example Table Create a table: Users_security_keys and Assign the Distinct Security_keys related to CHINA from the Security_key table for each user in Users_scope table. Table output for testsecurity@sisense.com Again, The Security_key value per user is unique and can't repeat in Users_security_keys table. Create the relation in the data model from Users_security_keys table to the fact tables based on the security_key column. The Relation is a Many to Many by design but is one to Many on a User Level Model Relation Create the Data Security on Users_security_keys table where User = User Please find the example below Create a dashboard for the validation Solutions Compare Between the Methods Topic - Main Points Basic Solution Advanced Solution Dashboard Update while Applying the Row Level Security Dynamic - Changes apply on the Dashboard at the time the Members Updated Limited - Changes apply after the member updates in user security table. Elasticubes - Changes will be updated after the Build Live - Changes will be updated while the Member updates in the table Member Assignment in Data Security Users can have a list of Members Users have Single Member Performance - Amount of members Limited - Performance issues raised in a high amount of Members (recommended less than 100 Members) Advanced - Single member per user which outputs the list of all members from the Users_security_table Assignment on User/Group Data Security Apply on User Or Groups. Provide Flexibility of Managing the Same Access for Users on a Group Level Data Security Apply on User Level. Each User will have its own permissions Security Table Size Contains a List of Unique Security Keys. Relation from Security table to Facts is on One to Many A large table contains a list of all users with a unique member list by user. Relation from Security table to Facts is Many to Many By Design, But One to Many on the User Level Members' Maintenance across multiple Data Models Changes in Members for a single user / Group should update for each data model Changes in Members for Single User are updated in the table, no changes are required in Sisense Level for Existing Users Members Tracking (Changes between Permissions) Harder to Maintain, require to Get the Amount of Members before Applying the Changes Handled on the Customer Side, Easier to Have it as a Change Log in Tracking Security table in the Customer Data Base Comparison summary Both Method has Pros and Cons related and selecting the right method is per the use case. Few Examples: For Quick Changes in the Members that should affect the dashboard immediately, while the Amount of Members is Small, Use the Basic Solution For Large Deployment, where changes shouldn't update on the fly, Similar data security for a user among multiple cubes, use the Advanced Solution Advanced Options and Points Make Sure that the Security key is not Null, or does not have any Null values in one of the compositions of the Surrogate key Keep the Identical structure of the Surrogate key in all fact tables Identical meaning, if starting the Seucrity_key with Manufature_country + '_' + sales_country, this structure should be created in all fact tables. In case need additional Scopes, the new Scope should be added as part of the Security key, keeping the Identical Structure. Surrogate_key using '_' is an example and several alternatives can created, keeping a similar structure Best Practice is to Generate the Surrogate key and all the Logic within the Source Data Base. Best Regards Check out this related content: Academy Documentation
Assaf HaninaPosted 1 year ago
0
Security
Redirecting Login Bypass Pages to the SSO Login Page

Redirecting Login Bypass Pages to the SSO Login Page 1. Open the File Management: Navigate to `Admin -> App Configuration -> File Management`. If the "File Management" option is not available, enable it under `App Configuration -> Feature Management`. 2. Create the Plugin Folder: Open the `serverSidePlugins` folder and create a new folder with a descriptive name, such as `loginPageRedirect`. Inside this folder, create an `index.js` file with the following code: const ssoSettings = require(`${process.cwd()}/node_modules/@sisense/sisense-configuration`).sso; module.exports = { method: "GET", url: [ "/app/account/login", "/app/account" ], beginRequest: (req, res, next) => { if (ssoSettings.enabled) { const host = encodeURIComponent(req.get('host')); const { ssoType } = ssoSettings; const redirectionUrl = (ssoType === 'jwt') ? ssoSettings.loginUrl : (ssoType === 'saml') ? `/saml?address=${host}` : `/openid?return_to=${host}`; res.redirect(redirectionUrl); } else { next(); } } }; 3. Enable Server-Side Plugins: Ensure that server-side plugins are enabled in the configuration settings. Navigate to `Admin -> Server & Hardware -> System Configuration -> Configuration -> Show Advanced Settings`. Check if the "Server Side Plugins Enable" feature is enabled. 4. Save and Verify: Save the `index.js` file and verify that the server-side plugins are correctly enabled. This setup ensures that any attempt to bypass the login by using the workaround links will redirect users to the SSO login page, enhancing your security measures. Check out this related content: Academy Course Sisense Documentation
Vadim PidgornyiPosted 1 year ago
0
Security
JWT SSO With Cognito
Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple. The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together. Authentication typically consists of a user entering using a username or email and a password and then being granted access to different resources or services. Authentication , by its very nature, relies on keeping the state of the User. This seems to contradict a fundamental property of HTTP, which is a stateless protocol. JSON Web Token (JWT) provides a way to solve this issue. Your Angular app can talk to a backend that produces a token. The Angular app can then pass that token in an Authorization header to the backend to prove they are authenticated and needs access to the particular route or resources. The backend should verify the JWT and grant access based on its validity.
Community_AdminPosted 4 years ago • Last reply 1 year ago
1
Security
User Parameters - What They Are and What They're For (Example Use Cases)

User Parameters - What They Are and What They're For (Example Use Cases) User Parameters, or simply Parameters are user and user group-specific values that can be assigned to live database connections and queries. These values are resolved during query runtime and change dynamically depending on the current logged-in user. This means that we can manage a single Live Data Model with varying connection details and queries. By eliminating the need for multiple identical copies of data models and dashboards, parameters provide increased design flexibility and reduce maintenance complexity without compromising your data security restrictions. Parameters are managed by Admins and Data Admins. There are two types of parameters: Live Connection Parameters are used to personalize connection details, such as database connection string, location, username, and password. Custom Live Query Parameters are used to customize parts of live SQL queries, such as column names, calculations, and filter conditions. For more information on how to create Parameters, refer to this documentation: Personalization Parameters for Live Data Sources . Here are a few example use cases for User Parameters: Federating multiple isolated, structurally identical databases into a single model (parameterized database location or name) Enforcing row-level security rules already defined in the source database to Sisense queries (parameterized username and password) Automatic localization such as time zone conversion and currency conversion (parameterized formula or join condition) Personalized filter requirements (parameterized WHERE clause condition, e.g. history depth) Column-level security (parameterized column selection) Query tracking/audit (parameterized comment text) Let us know in the comments if you have other use cases of Parameters you'd like to share!
Tri AnthonyPosted 2 years ago • Last reply 2 years ago
1
Security
Setting Up SSO SAML 2.0 With Keycloak

Keycloak supports applications that support SAML 2.0, such as Sisense. This page describes how to add Sisense to Keycloak and configure SSO-support with SAML 2.0 by creating a Keycloak client and connecting it to Sisense. This article assumes you have a Keycloak IdP Server configured. Note : This page reflects a 3rd party’s application which may change. If the steps described here do not match what you see in your Keycloak account, you can use the generic Sisense SAML documentation , along with the IdP’s documentation . Connecting Sisense To Keycloak To connect Sisense to Keycloak : Download sisense_client_config.json to your PC. Log in to your Keycloak's admin console ( http://localhost:8080/auth/admin/ ) Select Clients from the left menu. Click Create . In the Add Client window click Select File . From the file explorer popup window locate the file downloaded in Step 1 and click Open . Back in the Add Client Window click Save . In the Settings tab of the opened Sisense client page expand the Fine Grain SAML Endpoint Configuration section . In the Assertion Consumer Service Redirect Binding URL filed replace "localhost:8081" with your domain name. If using secure connection, replace "http" with "https". Updated value of the Assertion Consumer Service Redirect Binding URL to match the value of the Assertion Consumer Service Redirect Binding URL (from the previous step.) Click Save . Click on the Installation tab. From the Format Option, select Mod Auth Mellon Files and click Download . Extract the downloaded keycloak-mod-auth-mellon-sp-config.zip . Open the idp-metadata.xml file from the extracted folder. Open your Sisense web application. Go to the Admin tab and click on the Single Sign On menu item. Select SAML 2.0 as the Method option. In the idp-metadata.xml file locate the following element. <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/auth/realms/Sisense/protocol/saml" /> <SingleSignOnService> 20. Copy the value of the Location attribute to the Remote Login URL field in Sisense. 21. In the idp-metadata.xml file locate <dsig:X509Certificate> . 22. Copy the value of the X509 certificate to the Public X.509 Certificate filed in Sisense. 23. Enable Single Sign On by clicking the switch button. 24. Click Save .
intapiuserPosted 3 years ago
0
Security
Enforcing Security On Consortium Data By Masking Sensitive Values

Question : Some organizations provide Sisense to their clients as part of their business offering. Some of these organizations would like also to provide clients with the consortium data derived from Sisense - a single ElastiCube where clients submit their confidential sales and other data to the vendor, and then the vendor allows them to benchmark their sales, share (concentration), and rank amongst their peers. Each client may see the details of their own data, but cannot see the names of competitors or their specific products. Consortium data allows clients to better understand concentration and distance from their competitors. The vendor must provide the following security measures on consortium data: Users should be able to see their company's own data relative to aggregated data, but should not be able to see details of competitors at company or product level, and should not be able to filter competitor company or products. Users must be able to use Product Name/Category as a dimension but only display a company's own products/categories. Clients should be able to see the name of their company but not the names of their competitors. Users must be able to filter by dimensions and use a variety of dimensions. Below you can find an approach for enabling security on consortium data. This approach suggests masking sensitive values in order to hide them from unwanted users. Solution : 1. Duplicate the data in the table by using the UNION ALL clause, to create a copy of the data with masked values. 2. Add a flag that indicates whether the record is masked or not. SELECT D.Date, D.CompanyCode, D.CompanyName, D.Country, D.ProductType, D.[Product Name], D.DistributionChannel, D.Sales, D.Assets, 0 isMasked FROM Data D UNION all SELECT D.Date, D.CompanyCode, '###########' CompanyName, D.Country, D.ProductType, '#######' [Product Name], D.DistributionChannel, D.Sales, D.Assets, 1 isMasked FROM Data D 3. Create or import a table that connects user and company, for example: 4. Create a table that contains the rules of masking for each user: SELECT U.User, U.Company, 0 isMasked FROM UserToOrg U UNION all SELECT DISTINCT O.User, D.CompanyCode, 1 isMasked FROM [Data] D JOIN [UserToOrg] O ON D.CompanyCode!=O.Company The logic is to take the list of users and their company and allow them to see it unmasked (isMasked 0). This list is added to a join of each user with every other company (join on non equal), which they will see masked. 5. Connect the tables on Company code and isMasked: 6. Create security settings for users/group: The result: Note : This solution requires company codes to be displayed. If the existing company codes might compromise the identity of the competitors, consider doing one of the following: Instead of masking all as the same value (#####), give each a unique masked value (for example - ####1,###2). You can do so more easily by creating an excel file with the relevant fields. Use company codes that don't relate directly to company names.
intapiuserPosted 3 years ago
0
Security
Setup SSL on Sisense (Linux version)

Setup SSL on Sisense (Linux version) The below procedure is to outline how to set up SSL on Sisense. Why do you want to set up SSL on Sisense? When you have SSL set up on your system you can access the Sisense platform through a secure HTTPS connection. This secures the connection between Sisense and your browser. Please note that step 1 generates a self-signed SSL certificate for test purposes. Step 1. Generate self-signed SSL keys. Below is an example: openssl req -newkey rsa:4096 -x509 -sha512 -days 365 -nodes -out certificate.pem -keyout privatekey.pem Let’s take a look at what the command above does: req -newkey // is used to create a new certificate request and a private key. rsa:4096 // this works in conjunction with the req command. In this example, we have told it to give us an RSA key of 4096 bits. -x509 // modifies how the certificate is defined. In this case, we want a self-signed certificate. -sha512 // tells the message digest to sign the request /certificate. -days 365 // this makes the certificate valid for a whole year. -nodes // this does not encrypt the generated private key. That is okay since we are using a self-signed certificate for testing purposes. -out and -keyout // specifies the filenames to write the cert and key to. Step 2. Edit the configuration file based on your deployment. You can find more information about installing Sisense on Linux here . Enter these values for the parameters below . update : Set to true . Since we are only updating/configuring Sisense. is_ssl : Set the value to true . ssl_key_path : Enter the path of the key certificate file. ssl_cer_path : Enter the path of your cer certificate file. application_dns_name : Enter the common name (CN), or Fully Qualified Domain Name (FQDN) of your SSL host, for example, " test.sisense. com ". Step 3. In case you are using a test domain, edit the local hosts file in your server to identify the new application endpoint. In Linux it is located here: /etc/hosts Add this line: <IP Address of source machine> <space> <hostname of source machine> . Example: 10.10.10.10 test.sisense.com Save the file. Step 4. If you are using a test domain on your local machine to access Sisense, go to your hosts file. Windows: C:\Windows\System32\drivers\etc\hosts Mac/Linux: /etc/hosts Append <IP address of source machine where Sisense is hosted> <space> <a domain name for sisense>. Example: 10.10.10.10 test.sisense.com Save the file Step 5. In your browser, you should now be able to access Sisense using the domain name set up in Step 4.
Vlad SolodkyiPosted 3 years ago
0