Yellowfin Evaluation Guide

Yellowfin is used for both enterprise analytics and embedded analytics use cases and for building bespoke analytical applications. Use this guide to ensure Yellowfin is the right technical fit for your requirements.

Single-Sign On

  • Overview

    Updated 15 June 2020

    How does Yellowfin support SSO?

    Yellowfin is based on a model of user replication. Any user that exists in your application/system today will also need to exist in the Yellowfin application. To automate the process and ensure that the Yellowfin user only ever has access to what we want them to, it is necessary to construct a synchronization process leveraging Yellowfin’s Administrative Web-Services.

    To log a user into the application, you can obtain an authorization token via Yellowfin’s LoginUser web-service call. This token can then be used to either redirect the user into the application or render content via the JS-API.

    This synchronization process can cover everything from user creation, to row-level security to content access, but generally consists of a few common components:

    1. If user doesn’t exist create
    2. If the user does exist, check core user credentials
    3. Ensure user has proper user access to functionality (user roles)
    4. Ensure user has proper user access to content (typically done through user group membership)

    Note that this is a simple implementation, Yellowfin’s Administrative Services offer many other features, focused on automating the entire administration of the application, beyond just users.

    Can I use a SAML Bridge for SSO?

    For those who use an IdP such as Okta or ADFS that allows authentication via SAML claims, Yellowfin provides a pre-built SSO bridge that contains much of the logic outlined above, allowing you to plug in a few simple configuration parameters in and go.

    Can I use LDAP for SSO?

    While not a true SSO method as application login is required, it worth mentioning here that Yellowfin does provide the ability to synchronize the user base, and its permissioning, with an active directory via LDAP configured through a simple in-tool interface.

    Further Reading:

    Read about configuring the SAML Bridge here 

    Read about the SSO Service here