Sigma's embedded solution is highly flexible and can accommodate a myriad of use cases. These include:
Sigma employs federated user access to cater to all these needs and beyond. This is often realized through single sign-on (SSO) technologies and the establishment of trust relationships between the systems involved.
With Sigma embedding, users log onto your main application, get authenticated (with an optional role assignment), and this information is conveyed to Sigma when a part of your app requires embedding.
It's crucial to note that Sigma has its proprietary role-based-access-control (RBAC) system. While some customers exclusively use this system, many others with an existing identity management provider (IDP) prefer to integrate that with Sigma.
For further details on using SSO with Sigma, click here.
For details on managing user and teams with SCIM, click here.
In this QuickStart, we will use the local node.js application framework we created in QuickStart: Embedding 3: Application Embedding
Sigma Administrators and developers keen on understanding strategies for dictating what users can view and perform when Sigma is embedded within an application.
Master the art of employing Sigma Teams and Workspaces to supply shared and exclusive content to embedded users, with varied functionality tiers.
Federated user access refers to a mechanism that allows users to use a single set of credentials (such as username and password or other authentication methods) to access multiple software systems without requiring separate accounts for each system. This is typically achieved through single sign-on (SSO) technologies and trust relationships established between the participating systems.
There are Advantages:
To read more about how Sigma supports SSO with SAML, click here.
There Can Be Some Challenges:
Common Use Cases:
Now that we have an understanding of federated access at a high level, let's explore how you can leverage it with Sigma.
Log in to Sigma and navigate to
Teams and click
Name the team
all_clients_team, set it to
Private, check the box to
Create a Workspace and click
Workspace is created for you automatically, with the name
By doing this you create a Team and create a Workspace. It also gives the team access to that workspace, automatically.
Workspaces serve multiple purposes, but in this use-case, we will use one to store content that is common to all our customers.
Workspaces are shown by returning to the
Home page (click the white crane icon in the upper left corner) and clicking
Let's change the name of the new Workspace to something more descriptive. We will use
Curated Master Dashboards:
Once you've done this, server.js (our server-side API from QuickStart Embedding 3: Application Embedding) needs to be updated to pass the new team value:
In order to test this, we need some content to embed. We will use Sigma's default content, provided via a template.
Navigate to the
Click to select the
Plugs Electronics Sales Performance template:
Dismiss the dialogue asking if you want to use your own data.
Save As button and name the Workbook
Be sure to save the Workbook to the
Curated Master Dashboards folder. Failure to do so will result in the Workbook not being shared.
Common Dashboard will adopt the permissions of the
Curated Master Dashboard Workspace.
Dashboard for only the Dashboard page and then select
In the node project folder, open
server.js and replace the value for
EMBED PATH with this new value.
Let's pass a new embed user into Sigma to demonstrate this works as expected.
Edit server.js to change the embed user and userID to use
Set the values as displayed in image below, specifically for
&external_user_id, then save the changes:
Once server.js is setup, make sure that node's express server is running:
Browse to localhost:3000 to verify that we have a working application with our Sigma dashboard on it:
Notice that if you click on the icon, for the
Sales by Store Region & Product Type chart controls (the 3-dot menus, upper right corner of the chart), you notice that there is limited functionality. This is because we set the
view access only:
We can see some data, but are not allowed to explore it. We do not see the Sigma Element Panel either.
In Sigma, navigate back to
Teams and click into the
The embed user we just used (via the server.js api) was added to the team automatically.
Now, any new embed user who is assigned to the
all_clients_team, has access to the
Common Dashboard that is made available by embedding it in the parent application.
You can check which people or teams have access to a workbook by opening the workbook and clicking on the
In this case, we can see that our
all_clients_team has view access that was inherited from a folder. We know this folder is our
Curated Master Dashboards folder.
As Sigma embed customers evolve in their implementations, there's frequently a desire to enhance the functionalities provided to their end-users. Often, this materializes as a "premium" offering. Such upgrades can be driven by various factors, be it potential revenue growth, competitive pressures, or other motivations.
We have shown how all your clients can access common content.
Let's consider the case where you want to provide some specialized reports or dashboards to some of your customers. In addition to that, you also want to provide "tiers" of functionality like view, edit and share for this content.
Sigma supports this use case through
Using the same framework we have already explored, we can create easily control what a user can access, and what they are allow to do with that content.
Back in Sigma, create a new private
CustomerA and check the
Create a Workspace check-box on.
For more information on the Teams API, click here.
Next, you need to assign permissions to
CustomerA users that will be able to explore our Common Dashboard.
You do this in Sigma with
Account Types which control permissions in the application.
Account Types, create a new
Account Type called
Edit Workbook and
Contribute to Shared Folders permissions.
View Workbook and
View Dataset are selected by default. Keep those checked and don't add spaces to the Account Type name!
For more information on using Account Types, click here.
We also need to allow
CustomerA to explore our
We could just grant then explore rights to the
Curated Master Dashboards Workspace but maybe we don't want them to have explore on all the workbooks we store there later.
CustomerA explore rights to directly on the
Open the Workbook and click
Share. You can do this from the Workbook itself, or from where the Workbook is stored:
Share the Workbook withe
Make the following four changes to server.js:
Refresh the browser page. Now we can see the dashboard which is stored in the
Common Workpsace but we also have
Now if we click the icon for the
Sales by Store Region & Product Type chart, we can see that we have the ability to explore the underlying data.
Item #1 is the
Element Panel and item #2 is the underlying data.
This example showed how we can provide one customer a different level of access ("Can Explore") than all the rest of the customers.
We also demonstrated how we can pass multiple account types in the API.
It also touched on creating a customer specific workspace so that only one customer (CustomerA in this example) could source content from.
Through this flexible architecture, it is possible to create a variety of scenarios to match your customer segmentation needs.
In this QuickStart, we learned how to use Sigma Teams and Workspaces to provide common and isolated content for embedded consumers, with different levels of functionality.
There is information on related content you can also review:
Row Level Security QuickStart
Additional Resource Links
Be sure to check out all the latest developments at Sigma's First Friday Feature page!
Help Center Home