The Embed page in the Platform section of the Admin menu lets you configure settings for embedded Looker content.
Embedded Domain Allowlist
You need to use this setting to make use of JavaScript events to pass data or actions between a parent page and a Looker iframe.
In that case, add the domain where the iframe is being used to this field, then click Update.
Same-Origin Protections for Looker Login Pages
Looker enforces a same-origin policy for iframe content, which means that a page cannot be displayed in an iframe if the parent page domain name is different from the iframe page domain name. This protects against possible UI redress attacks, commonly known as “clickjacking.”
The one exception to this policy is the Looker login page. For the login page, you can use the Same-Origin Protections for Looker Login Pages setting to configure whether or not you want to enforce the same-origin policy:
- Disabled: Looker does not enforce the same-origin policy for the login page.
- Enabled: Looker enforces the same-origin policy for the login page.
For certain use cases, it is important to allow Looker login pages to appear within a Looker iframe even when the parent page is not compatible with the Looker instance’s domain name, and so you need to have the Same-Origin Protections for Looker Login Pages setting Disabled:
- If you use private embedding of Looker content in an iframe of a web page hosted by a non-Looker domain, you need to disable Same-Origin Protections for Looker Login Pages so that Looker can display the login page in the iframe and allow users to log into Looker.
Set Same-Origin Protections for Looker Login Pages to Enabled if either of the following is true:
- You don’t embed any Looker content.
- You use only SSO embedding, since the Looker login page isn’t used for SSO embeds.
To change the setting for same-origin protection, use the pull-down menu to select your desired option, then be sure to click the Update button to save your selection.
Embed SSO Authentication
The Embed SSO Authentication feature needs to be enabled if you want to make use of Looker’s Single Sign-on Embedding feature. To do so, select Enabled and click Update.
Show Filters on Embedded Looks
Set this option to Enabled if you want to display filter values in embedded Looks:
Set this option to Disabled to hide filter values in embedded Looks. Click Update to save your setting.
Remove Look Navigation
The Remove Look Navigation feature lets admins further customize embedded content, specifically embedded Explores and embedded dashboards made using the new dashboard experience.
Removing Look navigation from embedded Explores
By default, embed users with explore
and save_content
permissions will see the following options in the gear menu of an embedded Explore, including the option Save as a Look. Embed users with send or scheduling permissions will also see the Save & Schedule option:
When set to Enabled, the Remove Look Navigation feature removes all references to Looks, including the options Save as a Look and Save & Schedule, from embedded Explores:
Leave the option set to Disabled to keep references to Looks and the options Save as a Look and Save & Schedule in embedded Explores.
Removing Look navigation from embedded dashboards
In addition to removing references and navigation to Looks from embedded Explores, the Remove Look Navigation feature will also remove references from embedded Look-linked tiles on dashboards created using the new dashboard experience when that feature is Enabled:
When Remove Look Navigation is Disabled, embed users will see the option to View Look from Look-linked tiles:
Embed Secret
This setting is only revealed if Embed Authentication is set to Enabled.
An embed secret is needed to make use of Looker’s Single Sign-on Embedding feature.
To retrieve the embed secret, click the Set Secret button.
It’s important to copy the secret and save it in a safe place immediately, as you cannot retrieve the secret from this page after you leave it.
To change your secret, click the Reset Secret button; but remember that this will break any existing SSO embeds.
Embed URI Validator
This setting is only revealed if the Embed Secret has been set.
After generating a URL for Looker’s Single Sign-on Embedding feature, you can test the URL by pasting it in the Embed URI Validator field and clicking Test URI. The URI validator will return a message indicating whether the SSO embed URL is valid.
After you enter an SSO embed URL, the Embed URI quick check section will display the parameters and values that are included in the SSO embed URL: