Overview

Datafor helps teams make embedded analytics feel like a native part of the product instead of a separate BI tool living behind another login screen.

With support for OAuth2, SAML2, and CAS, Datafor can align embedded analytics with the identity systems organizations already use. Combined with Datafor's embedding capabilities, URL parameters, XDM interaction, white-label support, and role-based access control, SSO becomes part of a broader product experience rather than a standalone authentication feature.

That matters because embedded analytics succeeds or fails on continuity. If users are forced to stop, sign in again, and jump into what feels like a different system, adoption drops and the product experience feels fragmented.

Single sign-on (SSO) solves that problem. By allowing users to access embedded Datafor content with the same identity they already use in the host application, SSO reduces friction, improves trust, and simplifies access management.

Why SSO Matters for Embedded Analytics

In a standalone BI portal, users usually expect a separate login experience. In an embedded scenario, that expectation changes. Users typically think of analytics as part of the product they are already using, not as a separate system.

Without SSO, teams often run into the following issues:

• Users are prompted to log in a second time after opening an embedded report.
• Authentication behavior feels inconsistent between the host application and the analytics experience.
• User provisioning and deprovisioning must be managed in more than one place.
• Support teams receive more requests related to passwords, login failures, and account synchronization.

With SSO in place, embedded analytics feels more like a native capability instead of an external tool.

Why Datafor Stands Out

Datafor does more than support SSO protocols. It connects SSO to the rest of the embedded analytics experience.

That includes:

• Multiple authentication choices such as OAuth2, SAML2, and CAS so teams can match existing identity architecture.
• Automatic user initialization in supported modes to streamline first login and reduce manual account setup.
• Default role and user type assignment so new users enter the platform with the right access baseline.
• Embedding support that allows reports to live inside the host application instead of redirecting users to a separate BI portal.
• URL parameters and XDM for passing business context from the host application into the embedded experience.
• White Label support to keep branding, labels, and presentation consistent with the host product.

This is what makes SSO in Datafor more valuable than a basic login integration. It helps teams deliver a more seamless, secure, and operable embedded analytics workflow from first sign-in to day-to-day use.

How SSO Improves the User Experience

1. Removes Extra Login Steps

The most immediate benefit is a smoother sign-in flow. When a user is already authenticated in your application, SSO allows embedded Datafor content to reuse that identity context.

This means users can move from the main application into dashboards or reports without being interrupted by another login page.

2. Creates a More Native Product Experience

Embedded analytics should feel integrated, not bolted on. SSO helps maintain a consistent experience across:

• login state
• user identity
• session expectations
• access behavior

This is especially important for customer-facing products, partner portals, and internal enterprise applications where analytics is just one part of a larger workflow.

3. Builds User Trust

Users are more confident when they access analytics through the same identity provider and login standards used elsewhere in the organization. A familiar authentication process reduces confusion and makes the embedded experience feel officially supported.

4. Reduces Access Friction Across Devices and Sessions

When users return to an application, SSO can help preserve a more continuous experience across browsers, sessions, and environments. That continuity matters when analytics is part of day-to-day operational work.

How SSO Improves Security and Administration

1. Centralizes Identity Management

SSO allows authentication policies to be managed in the organization's identity provider instead of being duplicated in multiple systems. This simplifies administration and helps keep access control aligned with company policy.

2. Supports Faster User Onboarding and Offboarding

When employees, customers, or partners change roles, identity changes can be managed centrally. In embedded scenarios, this reduces the risk of analytics access becoming outdated or inconsistent.

Datafor also supports automatic user initialization in supported authentication modes, which can help create users on first login and assign default user types or roles.

3. Helps Enforce Consistent Security Standards

Organizations often need to apply consistent login policies such as MFA, session rules, or centralized account lifecycle controls. SSO makes it easier for embedded analytics to follow the same security model as the host application.

4. Reduces Credential Sprawl

Fewer separate analytics-specific credentials means fewer passwords for users to manage and fewer account-related support issues for administrators.

SSO Options in Datafor

Datafor provides several authentication options that can support embedded analytics deployments:

OAuth2

OAuth2 is a strong fit when your application already relies on modern identity providers such as Google, Microsoft, GitHub, or other OAuth2-compatible platforms. It is often a practical choice for web applications that need a flexible, standards-based sign-in flow.

Reference: OAuth2 Authentication

SAML2

SAML2 is commonly used in enterprise environments that standardize on identity providers such as Azure AD, Okta, or other SAML-compatible platforms. It is a strong option when your embedded analytics deployment needs to fit into an existing enterprise SSO strategy.

Reference: SAML2 Authentication

CAS

CAS can be a good option for organizations that already operate a CAS-based centralized authentication system and want Datafor to participate in that same login flow.

Reference: CAS Authentication

Typical Embedded Analytics Flow with SSO

In a common deployment model:

1. The user signs in to the host application.
2. The host application relies on the organization's identity provider.
3. Datafor is configured to trust the same authentication system through OAuth2, SAML2, or CAS.
4. The application opens Datafor content in embedded mode.
5. The user reaches the analytics content without a separate, disconnected login experience.

This approach helps the embedded report behave like part of the host product rather than a separate BI portal.

Combining SSO with Other Datafor Embedded Capabilities

SSO becomes even more valuable when used together with Datafor's embedded features:

• Report embedding allows analytics to be opened in integrate mode inside an iframe or application page.
• URL parameters help tailor default filters and report context for each user or business flow.
• XDM enables the host application to pass filter values to embedded reports after the page has loaded.
• White Label helps align logos, titles, and branding so the analytics experience matches the host product visually.

Related documents:

• Reports REST API
• Pass parameters through URL
• Embedding Reports Using XDM
• White Label

Best Practices

To get the best embedded analytics experience with SSO in Datafor:

• Use the same identity provider strategy for both the host application and Datafor whenever possible.
• Plan user role mapping before rollout so new users receive the correct default access.
• Test first-login behavior carefully, especially if automatic user creation is enabled.
• Review redirect URLs, certificates, attribute mappings, and callback settings during implementation.
• Validate the full embedded journey, not just the standalone Datafor login flow.

When SSO Has the Biggest Impact

SSO provides especially strong value in these scenarios:

• customer-facing SaaS products with embedded dashboards
• internal enterprise portals with role-based analytics access
• partner or dealer portals that need seamless report access
• applications where analytics is part of an operational workflow, not a separate destination

In all of these cases, SSO helps reduce barriers between users and insights.

Conclusion

SSO improves embedded analytics by making access simpler, more secure, and more consistent with the rest of the application experience. Instead of treating analytics as a separate destination with its own credentials and login steps, teams can make Datafor feel like a natural extension of the host product.

What makes Datafor stronger is that SSO is not isolated from the rest of the product. It sits alongside embedding, role-based access, automatic user initialization, URL parameters, XDM interaction, and white-label branding to create an embedded analytics experience that feels unified from login to insight.

With support for OAuth2, SAML2, and CAS, Datafor gives organizations the flexibility to integrate embedded analytics with existing identity systems while also delivering a more seamless and governable product experience.