Knowledge Drop

Troubleshooting Private Embedding + SAML

  • 15 June 2021
  • 1 reply


Last tested: Oct 7, 2020

There are a number of errors and settings to be aware of when using SAML authentication in an iframe for private embedding. You can test things out using a simple online HTML editor, using the following iframe code:

<iframe src="[id]" height="500" width="500"></iframe>


401: You are not authenticated to view this page

If you are not already logged into Looker, you will get this page by default when you attempt to access the embed URL through the iframe instead of getting the Authenticate button. To avoid this error, simply add allow_login_screen=true to the URL:

<iframe src="[id]?allow_login_screen=true" height="500" width="500"></iframe>

Note that even if you are using the sso_bypass_login_page license feature to skip the login page, you will still need to add allow_login_screen=true to avoid an error. You have to allow the login screen before you can bypass it!

Blank page with a 403

With the iframe embedding feature enabled on the IdP side, if the iframe goes blank when you hit the Authenticate button, you get a 403 response from the request made to <your_looker_url>/login/saml (as in the screenshot below), and no request gets made to the IdP, check the browser's third-party cookie settings! (Note that if you were SSO embedding, this would result in a 401 response instead.)


[IdP url] Refused to connect with a 303

As of Oct 2020, a lot of IdPs do not allow iframe embedding, so hitting the Authenticate button in an iframe where Looker content is privately embedded will result in a "refused to connect" error.

However, Okta does have a flag called "iframe Embedding" that can be enabled:


This content is subject to limited support.                
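
The three failure modes above can be triaged from what the browser's network tab shows. The following is an added example, not part of the original post and not Looker's own code: the function names are hypothetical, and it assumes that the "refused to connect" error is caused by an X-Frame-Options or CSP frame-ancestors response header and that a session cookie must be SameSite=None and Secure to be sent inside a cross-site iframe.

```javascript
// Added example; hostnames and header values used with it are constructed.

// 401 case: the embed URL must carry allow_login_screen=true.
function hasLoginScreenParam(src) {
  return new URL(src).searchParams.get("allow_login_screen") === "true";
}

// 403 case: a cookie can only reach a cross-site iframe if it is
// SameSite=None and Secure (and the browser allows third-party cookies).
function cookieEligibleCrossSite(setCookie) {
  const attrs = setCookie.split(";").slice(1).map(a => a.trim().toLowerCase());
  return attrs.includes("samesite=none") && attrs.includes("secure");
}

// "Refused to connect" case: may `embedder` frame a response from `framed`?
// Both are origins such as "https://wiki.example.com". Handles 'none', 'self',
// *, exact origins and https://*.host sources; one level of nesting is assumed.
function framingAllowed(headers, embedder, framed) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const directive = (h["content-security-policy"] || "")
    .split(";").map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (directive) { // frame-ancestors overrides X-Frame-Options
    return directive.slice(1).some(src => {
      if (src === "'none'") return false;
      if (src === "'self'") return embedder === framed;
      if (src === "*") return true;
      if (src.startsWith("https://*."))
        return embedder.startsWith("https://") &&
          new URL(embedder).hostname.endsWith(src.slice("https://*".length));
      return src.replace(/\/$/, "") === embedder;
    });
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder === framed;
  return true; // no framing restriction sent
}
```

Feed these the iframe src, the Set-Cookie header from the Looker login response, and the response headers of the IdP page as copied from the network tab.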



1 reply


Hi, since the last update we are having trouble with iFrame in Confluence and Looker.

The Confluence Pages load with the right embedded looks and after some minutes they turn into the screen below. Do you know why this could be the case? We use Google Workspace SAML integration for both Confluence and Looker.