Membuat dashboard terintegrasi di Sisense dengan single sign-on

Sisense Single Sign-On (SSO)  is a mechanism that allows a system to authenticate users in Sisense and subsequently tell Sisense that the user has been authenticated.
The user is then allowed to access Sisense without being prompted to enter separate login credentials.
The SSO security mechanism allows Sisense to trust the login requests it gets from your corporate authentication system, and will grant access to the users that have been authenticated by it.
Sisense SSO relies on a protocol called JSON Web Token (JWT) for securing the exchange of user authentication data.

Configuring SSO

To access the SSO configuration, click MANAGE in the upper right corner and choose the SINGLE SIGN ON tab on the left.
Fill in the SSO configuration fields and click SAVE:
  • Remote Login URL : This is the URL that Sisense will invoke to attempt remote authentication. In that endpoint the participating application user authentication script is triggered and the JWT payload is generated.
  • Remote Logout URL: This is the URL that users will be redirected to after they log out from Sisense (i.e. the participating application’s home page).
  • Shared Secret: The JWT encryption public key used to encrypt the JWT payload. It is generated once when the SSO configuration is saved.

Implementing SSO Integration

The participant application in the SSO flow is required to implement the user request session authentication by following a specific flow:
  1. Set the appropriate SSO settings.
  2. Implement the authentication API JWT signature by applying a specific JWT protocol, as described below.

Attribute: iat

Mandatory: Yes
Description: Issued at the time the token was generated. This is used to help ensure that a given token gets used shortly after it is generated. The value must be the number of seconds since UNIX epoch. Sisense allows up to 5 minutes clock skew.

Attribute: sub

Mandatory: Yes
Description: Email of the user being signed in, used to uniquely identify the user in Sisense. If the user does not exist in Sisense, it will be created with default consumer privileges.

Attribute: exp

Mandatory: No
Description: Expiration time of the token. After that time the token would be invalid, and the user will be redirected again to the remote login URL for re-authentication. If not present, the token will expire in 1 week. The value must be the number of seconds since UNIX epoch.

Attribute: aud

Mandatory: No
Description: Intended audience for this token. The value can be a collection of strings or a single string. If present, it must contain the string “sisense” (lowercase).

SSO Code Samples

Configure Sisense as a Sub-Domain with SSO

Integrate Sisense as a sub-domain of your web application and embed Sisense into your web application with SSO.
Note: Sisense also works when embedded in cross-domain IFrames.
  1. Add your website to IIS entitled
  2. In the site bindings enter the host name as on port 80:
IIS main domain for sso
  1. Change the existing SisenseWeb site binding to use as host name on port 80:
IIS subdomain for sso
  1. Open the file C:\Windows\System32\drivers\etc\hosts and add mapping for the sites:
  1. Sign in to your Sisense application at and configure the SSO as pictured below:

  1. Place the following SSO script in the server location corresponding to the Remote Login URL in the server’s root directory.  Please note that the SSO script can be implemented in any server-side language.  This example uses Python.  Example code has been attached for C#, PHP, and Python.
  1. In index.html from, the IFrame source is the Sisense dashboard URL.
index.html from
<title>Example Website</title>
    <p><b></b> - <b>SSO</b> login with embedded dashboard from    <b></b></p>
<iframe width="100%" height="100%" src='' />
  1. Navigate to and you should see the specific dashboard you embedded.