How do BigQuery OAuth connections work with GCP IAM?
Knowledge DropLast tested: Jun 26, 2020 BigQuery customers have the option of using OAuth for BigQuery connect...
Technical Tips & Tricks
Explore technical tips and tricks to help you get the most out of Looker.
Knowledge Base Articles
Troubleshooting Private Embedding + SAML
Knowledge DropLast tested: Oct 7, 2020 There are a number of errors and settings to be aware of when using SAM...
Can you manually assign a role to a user that is not determined by the [SAML/LDAP] Group to Role mapping?
Knowledge DropLast tested: Jan 2019No. Roles will be overwritten for a user any time that user logs in with [S...
Mirror SAML Groups (idP group name matches Looker group name)
Knowledge DropLast tested: May 19, 2020 When "Mirror SAML Groups" is toggled on in your instance's SAML settin...
Why are my email fields grey?
Knowledge DropLast tested: May 10, 2018 There are two different interpretations of this question, with two dif...
Can I use a user ID other than email for logging in to Looker?
Knowledge DropLast tested: Oct 1, 2019 No, the only user ID you can use in Looker is an email. Logging in will...
Does Looker use tokens for SAML?
Knowledge DropLast tested: Sep 18, 2019 Looker doesn't use tokens at all when authenticating with SAML.In fact...
Can I log in to Looker with two separate email addresses but keep the same user?
Knowledge DropLast tested: Jan 31, 2018 Generally speaking, no. Each Looker user is only allowed one set of cr...
Will a user in multiple [SAML/LDAP] Groups Get Associated to Multiple Looker Roles?
Knowledge DropLast tested: Sep 18, 2019 They definitely should. If it's not coming through, check the tests in...
Can LDAP allow users to login automatically, without entering username or password?
Knowledge DropLast tested: Jun 26, 2021 No, only SAML or Oauth would do that.This has nothing to do with Looke...
Migrating from LDAP to SAML when users have different emails
Knowledge DropLast tested: Dec 3, 2017 Fortunately, when migrating to SAML there is an option to merge from LD...
Can you edit or assign user attributes to shadow groups?
Knowledge DropLast tested; Sep 18, 2019 You can't edit who is in a shadow group from the Looker admin/groups U...
Can Looker authenticate against multiple Active Directory Forests?
Knowledge DropLast tested: Sep 18, 2019Looker can work with a single SAML 2.0 IdP endpoint. If it is possible ...
Turning off Group to Role Mapping on SAML / LDAP
Knowledge DropLast tested: Feb 6, 2020 If you turn off group to role mapping but continue to use SAML / LDAP a...
Can you disable email/password login when SAML / Okta is configured?
Knowledge DropLast tested: Aug 29, 2018 Yes - it is disabled by default.Looker email/password logins are alway...
What happens when an actively logged-in user is disabled by a second user? Does the first user's session immediately end?
Knowledge DropLast tested: Dec 3, 2020 Yes. They are immediately logged out and see the above screen.This cont...
Is it possible to set up SAML to authenticate from two separate Idp URLs?
Knowledge DropLast tested: May 20, 2019 No. As far as Looker is concerned, you can only have 1 SAML IdP.Hacky ...
Can you use 2FA with Oauth
Knowledge DropLast tested: Dec 16, 2020 nopeyou can either have 2fa on top of email/pass or google oauthThis c...
Change saml_user_id for a user
Knowledge DropLast tested: Apr 14, 2020Sometimes when we change a user's email on the IdP side, the saml_user_...
Why are users still seeing the 30 minute logout even if they click "Stay Logged In"
Knowledge DropLast tested: Oct 2, 2020 There's been some instances where users click "Stay Logged In" but they...
What's the difference between using Google OAuth and using Google Auth for SAML (Google-provide SSO)?
Knowledge DropLast tested: May 20, 2020 SAML is just a type of SSO to Looker, in terms of what is set up in th...
Welcome to Looker link not allowing user to set password
Knowledge DropLast tested: May 19, 2020If a user clicks the "Activate" link on the "Welcome to Looker" user se...
Help! SAML overwrote my user names!
Knowledge DropLast tested: Apr 30, 2020 This is expected - Looker rechecks the IdP every time a Looker user is...
Why is hitting the samlcallback returning a 403 error?
Knowledge Drop Last tested: Aug 2020Check to make sure the callback URL is just myinstance.looker.com/samlcall...
How are 2FA enabled/disable events tracked?
Knowledge DropLast tested: Jul 13, 2019You can look forupdate_totp_config in the logs and in the System Activi...
Set Looker Roles from IdP Groups
Knowledge DropLast tested: Jul 24, 2020 You can set Looker roles based on the groups in your IdP. If you alrea...
What are some benefits to using OIDC?
Knowledge DropLast tested: Jun 14, 2019 It's Secure:It's more secure than OAuth alone, since it has more robus...
Why do I see a ridiculously high count of login events while looking at the System Activity event explore?
Knowledge DropLast tested: Aug 23, 2018When a user logs in using OpenID auth (i.e. Okta, OneLogin, etc.), Look...
Why are some emails greyed out in the admin->users page?
Knowledge DropLast tested: Apr 26, 2019A greyed out *email credential* means one of two things:1. the user is ...
Does revoking a user on the idP side affect the user in Looker?
Knowledge DropLast tested: June 2021No. Looker doesn't automatically keep track of whether the user has been r...
