Question

For how long are embed users retained by a Looker instance?

  • 16 April 2021
  • 6 replies
  • 82 views

Hi all,

 

I’ve looked but haven’t found the answer. After an embed user has been created by a Looker instance following access to an SSO embed URL, for how long is the embed user account kept in the instance? I learned embed users are temporary, but how temporary?

 

thank you in advance!


This topic has been closed for comments

6 replies

I don’t think users are deleted automatically after a time period.  You can use the API to programmatically delete some or all embed users at any time.  

https://docs.looker.com/reference/api-and-integration/api-reference/v3.1/user#delete_embedding_credential

 

I don’t think users are deleted automatically after a time period.  You can use the API to programmatically delete some or all embed users at any time.  

https://docs.looker.com/reference/api-and-integration/api-reference/v3.1/user#delete_embedding_credential

Doesn’t the method Delete Embedding Credential of a user instead of deleting a user? I am inexperienced in Looker, so I may not understand some naming conventions, though… What I need is to identify and delete of users of the type embed whose external_user_id ends with a certain string. Those are no interactive users, they get authenticated outside Looker and have no credentials of their own.

more specifically, what happens to an embed user (created by Looker on the fly per SSO embed request) after session_length seconds pass?

more specifically, what happens to an embed user (created by Looker on the fly per SSO embed request) after session_length seconds pass?

It requires the user to login again.

 

I don’t think users are deleted automatically after a time period.  You can use the API to programmatically delete some or all embed users at any time.  

https://docs.looker.com/reference/api-and-integration/api-reference/v3.1/user#delete_embedding_credential

Doesn’t the method Delete Embedding Credential of a user instead of deleting a user? I am inexperienced in Looker, so I may not understand some naming conventions, though… What I need is to identify and delete of users of the type embed whose external_user_id ends with a certain string. Those are no interactive users, they get authenticated outside Looker and have no credentials of their own.

Yes, it would delete the credentials of one embed user not the user itself. 

 

You can use the API to get all embed credentials including the external_user_id field:

https://docs.looker.com/reference/api-and-integration/api-reference/v3.1/user#get_all_embedding_credentials

 

Then, use the delete user API to delete the list of user IDs (one at a time - there is no bulk delete that I know of) that meet your criteria:

https://docs.looker.com/reference/api-and-integration/api-reference/v3.1/user#delete_user

 

 

Thank you, @cranium025

I can see I need to work on how to mark users so that I can search for them…

user_for_credential(credential_type, credential_id, fields) looks hopeful, but it’s a shame it doesn’t support wildcards, otherwise I would use it like:

user_for credentials(‘embed’, ‘%@12345’)

But instead, I will probably create fictitious emails (or even last_name = 12345) so that I can do 

search_users_names(pattern = ‘%@12345’, fields, page, per_page, sorts, id, first_name, last_name, verified_looker_employee, email = true, is_disabled)

on them.