User Authentication and Embedding – 5 Things to Look for When Buying a Dashboard Solution for your B2B SaaS product
User Authentication (the process of determining who can have access to an application environment), User Authorization (the process of determining the access rights of an authenticated user based on their role and level), and Identity Access Management (the process of creating, updating, and deleting users as they move throughout an organization) have become extremely crucial components of customer data experiences in B2B SaaS.
A related concept in this regard is dashboard embedding. We leverage the existing authentication and authorization rules to ensure that the right data and visualization pop up on the screen of the right user at the right time, without any risk of cross-user or cross-customer exposure of data and insights during the embedding process.
For B2B SaaS products, account security and data safety are no longer a choice – they are a necessity. This is especially true for multi-tenant applications where a single environment serves users across multiple customers from the same logical instance. This introduces additional complexity when it comes to ensuring secure access. Furthermore, SaaS products often use a number of integrations over and above the native application. Multiple points of entry and exit for the data and for the users automatically translate to more and more water-tight authentication requirements.
In this blog, we share with you what to look for in user authentication and embedding when purchasing a dashboarding solution for your B2B SaaS product. We also shed light on how existing dashboard developers are currently handling user authentication and dashboard embedding, and how Verb gives you a unique competitive edge. Let’s begin!
Here Are the Top 5 Questions to Ask About User Authentication and Dashboard Embedding
Question #1: How Secure is the Authentication process?
Several user authentication processes that are currently touted as “best practices” in the market are actually bad news for B2B SaaS. Hence, the first question that you should ask before investing in a dashboard development solution is this – how secure is it, truly?
Take simple username-and-password-based authentication, for example. Or, for that matter, consider Single Sign-on – a commonly used authentication process today. The risk of being hacked and losing your access is most prominent with the first, while the SSO method is notorious for several drawbacks.
Firstly, the SSO credentials can be easily impersonated, and without multi-factor authentication, it hardly has any leg to stand on. Furthermore, a single point of access is also tantamount to a single point of failure. This means that if the authentication provider’s server is down or if their portal is unavailable for some reason, it all goes out of the window. Lastly, SSOs are complicated to set up due to the very nature of information being shared – i.e. usernames and passwords that are tied to another service provider altogether.
Another question to worry about is authentication that is stale or not time-bound. It poses the risk of someone losing a device or leaving a device unattended and opening the doors for other users/non-users accessing the application accidentally or deliberately.
How We Are Different:
Verb tackles the entire data security and user authentication issue in a highly centralized manner. This means that instead of setting up a new security rule or demanding any external information, we piggyback on the organization’s user identification system.
The exact set of determinants or variables varies from organization to organization, but usually includes user properties like userID, organization ID, role/designation, etc. By “asking” the SaaS company to verify the credentials of a user for us, auto-authentication and auto-authorization take place in real time, making the whole process extremely reliable and secure.
For authentication, a client-side token, like a bearer token, is shared via the SDK. Thereafter, a live server-side handshake is established between Verb and the client’s existing authentication endpoint. This prevents any potential risk of password exposure, eliminates complex SSO configurations, and ensures that authorization is enforced on every single request. The whole process happens automatically whenever analytics is requested. It also feeds the water-tight security logic driving row-level security in Verb.
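The flow described above can be sketched as follows. This is an added example, not Verb's code: the endpoint stand-in `saas_auth_endpoint`, the token values, the user properties and the sample rows are all constructed for illustration.

```python
import time

# Constructed stand-in for the SaaS company's existing authentication
# endpoint; in production this is a server-to-server HTTPS call.
_SESSIONS = {
    "tok-alice": {"user_id": "u1", "org_id": "acme", "role": "admin", "exp": 2_000_000_000},
    "tok-bob": {"user_id": "u2", "org_id": "globex", "role": "viewer", "exp": 2_000_000_000},
    "tok-stale": {"user_id": "u3", "org_id": "acme", "role": "viewer", "exp": 1_000},
}

# Constructed sample data for a multi-tenant dashboard.
ROWS = [
    {"org_id": "acme", "owner": "u1", "metric": 10},
    {"org_id": "acme", "owner": "u3", "metric": 20},
    {"org_id": "globex", "owner": "u2", "metric": 30},
    {"org_id": "globex", "owner": "u9", "metric": 40},
]

class AccessDenied(Exception):
    """Raised whenever the viewer cannot be positively identified."""

def saas_auth_endpoint(token):
    """Hypothetical lookup: user properties for a token, or None if unknown."""
    return _SESSIONS.get(token)

def resolve_viewer(authorization_header, now=None):
    """Ask the auth endpoint who the bearer is; fail closed on any doubt."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise AccessDenied("missing bearer token")
    viewer = saas_auth_endpoint(token)
    if viewer is None:
        raise AccessDenied("token not recognised")
    if viewer["exp"] <= now:  # stale sessions are rejected, not refreshed
        raise AccessDenied("session expired")
    return viewer

def dashboard_rows(authorization_header, rows=ROWS, now=None):
    """Row-level security: identity comes only from the server-side lookup,
    never from parameters in the embed URL or request body."""
    viewer = resolve_viewer(authorization_header, now)  # re-checked per request
    visible = [r for r in rows if r["org_id"] == viewer["org_id"]]
    if viewer["role"] != "admin":
        visible = [r for r in visible if r["owner"] == viewer["user_id"]]
    return visible
```

Because the tenant and role are looked up on the server for each request, a viewer who edits the embed URL cannot widen what the query returns.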
Question #2: How Convenient is the Authentication & Embedding Process?
Believe it or not, even the most secure environments don’t work for B2B SaaS if they are too much of a headache to set up in the first place.
Take, for example, SDKs.
Imagine having to deploy your development team to develop, implement, and integrate SDKs from scratch! The development effort alone would be a major liability. Furthermore, the flexibility to add new users, new authentication features, added security measures, and spotless identity resolution of each user as they move through the organization (or even exit it) all need to happen in a smooth manner without you having to jump ship every time. This is at the heart of Verb’s security model.
How We Are Different:
Verb’s SDK is easier to use as there’s no need to develop it separately. It comes bundled with our no-code dashboarding solution and hits the ground running from day one. No new information or additional parameters are needed over and above the authentication properties already identified at the time of setup. Our centralized model ensures that the various security parameters work in tandem with each other and re-use the same security rules each time to determine the authentication and authorization status of users. Along with top-notch security, convenience and transparency are key to everything we do.
Question #3: What Is the Optimal Session Duration?
User authentication and embedding shouldn’t require ages to implement. Otherwise, the whole data experience becomes self-defeating.
Some of the biggest challenges in preventing the time-to-implement from spinning out of control include optimal session management, user segmentation, and third-party app integrations. If sessions remain active long after the user is away from the system, security issues come into the picture. But if the sessions refresh every few seconds, it leads to frustration on the part of the user and consumes more time overall than it should. User segmentation based on roles or groups is another area that has the potential to consume time. Filter-based segmentations, for example, are definitely far less secure by design and cause the time-to-implement to soar. Similarly, not having active, real-time authentication can cause both security breaches and increased time to implement.
How We Are Different:
Verb’s session management for SaaS product interfaces is optimized to provide seamless user experiences while minimizing the time required for user authentication. Our user segmentations are model-based, and not filter-based. The model-based approach uses entity properties to link similar users together – in this case, based on user roles and their data needs.
Furthermore, user segmentation is guaranteed with Verb, unlike other tools in which one may forget to “segment” manually. We take all manual decision-making and guesswork out of the process. Instead, we align automated user authentication with the natural workflow of the enterprise. Lastly, our active authentication approach is a major time saver for SaaS companies and their clients alike, while building trust into the system by design.
Question #4: How Much Development Effort is Needed for Seamless Authentication and Embedding?
It is one thing to claim to be no code. It is quite another for a dashboard solution to be completely no-code.
Trust us when we say this: if your development team is taking on any development burden for implementing user authentication and authorization, then your SaaS dashboarding solution is not doing its job.
In the case of a SaaS customer dashboard provider, for example, tokens are created at the back end and then passed to them with every request. This requires extra development and is far less plug-and-play. There is no way of inferring authentication-related data, and this can’t be done on the client side either, since that would lead to exposure of the client-side code. A few embedded analytics-enabled dashboard companies do allow for SSO and so does our approach, but we make it happen with the minimal information request and zero development effort by the client.
Some SaaS dashboard providers use the concept of “user groups” which need to be created and maintained by development teams. Even so, they suffer from the same limitations of being server-side only & requiring new code each time. But in the case of Verb, automated user segmentation is the mainstay of our approach. We profile users based on their data needs and serve the same swiftly without any back-and-forth or manual intervention.
How We Are Different:
The biggest USP of Verb’s Authentication Process is that while all of the other providers need to be “told” about the viewer, we “ask” an existing API and do it in a way that is fully managed by the SDK (client-side). Also, since we have opted for a model-based solution instead of the filter-based approach adopted by our competitors, ours is a set-it-once-and-forget-it approach. We don’t require you to set it on every dashboard each time. It also means that we can enable data operations like contextual dropdown filters (i.e. show only the values a user is allowed to see) with little or no additional development effort!
Question #5: How Well Does the Authentication Blend with the SaaS Application’s Dashboard Embedding Mechanism?
So far, we have been talking about user authentication in stand-alone application environments. However, the premise gets even more complicated when dashboards are embedded in integrated environments. As you might already know, the two popular technologies used to embed dashboards are SDKs and iFrames.
Verb takes a highly simplified and secure approach to make embedded experiences secure. To place a Verb dashboard on any page, all you have to do is copy-paste the dashboard URL. This action automatically passes the relevant parameters into the newly-embedded dashboard using our SDK. The iFrame can then be further tweaked to make the UI more user-friendly, visually appealing, and easy to consume.
With other providers, each time an instance of dashboard embedding takes place, user authentication and authorization need to be revisited. This is to make sure that users don’t mistakenly access data that they are not authorized to access. Furthermore, each time any error states, access denials, or server issues crop up, error messages have to be customized to the particular client’s specifications.
In the case of one of our competitors, for example, a closed system (multitenant) installation is possible where data needs to be manually hidden from different groups or segments within a single organization. Any time users access an embedded instance, this process will be different for various embedding options like Private Embedding, Public Embedding, and Single sign-on Embedding.
How We Are Different:
One of the biggest advantages of Verb’s embedding process is that the embedding URL doesn’t need to be created manually. Furthermore, the users don’t need to be granted the relevant permissions to access an embedded experience each time. Verb auto-identifies what a user can/cannot view based on the user segment that they belong to. During embedded visualization, the parameters set by the user are matched in real-time with the user parameters contained in the embedding request. This way, authenticated users can only see what they are meant to see. Active authentication during embedding prevents data mishandling and the risk of exposure.
Many existing providers limit the embedding experience to only those that don’t require authentication. But for B2B SaaS, that kind of limitation amounts to zilch. Instead, Verb delivers segmented reports based on the pre-authentication of users while simultaneously filtering out data rows based on the identifying details that point to the access rights of the authenticated user. This gives you complete control over the security of your embedded data experiences without your development team having to break a sweat.
While deciding on the right customer dashboard solution for your B2B SaaS product, it is important to evaluate your choices holistically. For example, while one provider may outperform the others in convenience and ease of implementation, it may lag behind in security. However, it is not advisable to use any one parameter alone in making this decision. Instead of force-fitting any provider with your SaaS product, you will benefit more by using the five factors mentioned above to carry out a 360° evaluation to see which provider best meets your needs as well as the needs of your customers.