User Guide Getting Started Help Center Documentation Community Training
Looker
  
English
Français
Deutsch
日本語
Admin Settings - Embed

The Embed page lets you configure settings for embedded Looker content.

Embedded Domain Whitelist

You’ll need to use this setting if you want to make use of JavaScript events to pass data or actions between a parent page and a Looker iframe.

In that case, add the domain where the iframe is being used to this field, then click Update.

Same-Origin Protections for Looker Login Pages

For new Looker installations 6.10 and higher, same-origin protection is enabled by default. Looker instances that are upgraded from pre-6.10 will keep their existing setting for same-origin protection.

Looker enforces a same-origin policy for iframe content, which means that a page cannot be displayed in an iframe if the parent page domain name is different from the iframe page domain name. This protects against possible UI redress attacks, commonly known as “clickjacking.”

The one exception to this policy is the Looker login page. For the login page, you can use the Same-Origin Protections for Looker Login Pages setting to configure whether or not you want to enforce the same-origin policy:

For certain use cases, it is important to allow Looker login pages to appear within a Looker iframe even when the parent page is not compatible with the Looker instance’s domain name, and so you need to have the Same-Origin Protections for Looker Login Pages setting Disabled:

Set Same-Origin Protections for Looker Login Pages to Enabled if either of the following is true:

To change the setting for same-origin protection, use the pull-down menu to select your desired option, then be sure to click the Update button to save your selection.

Embed Authentication

This feature needs to be enabled if you want to make use of Looker’s Single Sign-on Embedding feature. To do so, select Enabled and click Update.

Embed Secret

This setting is only revealed if Embed Authentication is set to Enabled.

An embed secret is needed to make use of Looker’s Single Sign-on Embedding feature.

To retrieve the embed secret click the Set Secret button.

It’s important to copy the secret and save it in a safe place immediately, as you cannot retrieve the secret from this page after you leave it.

If you need to change your secret you can click the Reset Secret button, but realize that this will break any existing single sign-on embeds.

Embed URI Validator

This setting is only revealed if the Embed Secret has been set.

After generating a URL for Looker’s Single Sign-on Embedding feature you can test it by pasting it in the Embed URI Validator field and clicking Test URI.

Top