Knowledge Drop

Why aren't my SSO embed URLs creating a new embed user when I access them?

Userlevel 3

Last tested: Apr 28, 2021

If you are getting a "You are not authenticated to view this page" 401 error, then the login has failed and the user will not be created. Try the URL in the Embed URI Validator. Fabio's troubleshooting guide can also be helpful.

If the login is successful, this most likely means that existing credentials are being used instead of new credentials. Check to see whether the external_user_id in the embed URL matches the embed credentials of an existing user under Admin - Users.

If the external_user_id does not match an existing user, check to see if force_logout_login is set to false in the embed URL. If so, when a user has an existing UI Looker session and accesses a new URL, their existing credentials are used instead of the embed credentials defined in the new URL, so no new user will be created.

It is generally recommended to set force_logout_login to true to avoid these issues. Virtually all use cases for setting force_logout_login to false can be made cleaner by using SSO embed authentication only for the first iframe (with force_logout_login = true), with subsequent pages using private embed to avoid having the user log in again.


This content is subject to limited support.                



0 replies

Be the first to reply!