Multi-tenancy by using parameter filters

2:30 min

Medium

If you have an Integration that has access to a multi-tenant dataset that requires row-level filtering, you can apply parameter filters to the association and override these parameters when requesting a SSO token for a specifc user in your application. This is useful if you would like to maintain one Integration for all your clients and make sure that each of them only has access to their relevant data!

Step 1: Define the parameter filter on the dataset

In the screenshot below, we specified a hierarchy array parameter "customerId" and applied it to the "Customer_id" column in our "demo_orders" dataset!

The different parameter types are explained in this Academy article, together with the specific filter expressions supporting these parameter types.

Step 2: Override the parameter in the SSO authorization request

The parameter type also indicates how you should override the parameter in the authorization request:

Numeric - specify a number value (e.g. 1)
Datetime - specify a RFC 3339 date value enclosed in quotes (i.e. "yyyy-mm-ddThh:mm:ss.SSSZ")
Hierarchy - specify a text value enclosed in quotes (e.g. "Text")
[ ] Numeric array (indicated by 'Numeric[ ]') - specify an array of number values (e.g. [1])
[ ] Hierarchy array (indicated by 'Hierarchy[ ]') - specify an array of text values (e.g. ["Text"])

An example of the complete SSO authorization request using our Node.js SDK can be found below:
(Notice that in this example we've specified a parameter override for the hierarchy array parameter customerId)

const Luzmo = require('@luzmo/nodejs-sdk');
var client = new Luzmo({
    api_key: '< Your API key >',
    api_token: '< Your API token >'
  });

let promise = client.create('authorization', {
  type: 'sso',
  username: '12345678',
  suborganization: 'Burrito Co.',
  name: 'SSO user',
  email : 'sso_user@luzmo.com',
  expiry: '24 hours',
  inactivity_interval: '10 minutes',
  metadata: {
    customerId: ['<the customerId for username 12345678>']
  }
});

promise.then((result) => {
  // result.id contains the SSO authorization key,
  // result.token contains the SSO authorization token.
});

Parameters in dashboard editor

You might have noticed that parameters can also be created and used in filters in our dashboard editor: this actually accommodates in getting a preview of how the dashboard would look like for your end user. You can easily prefilter your dashboard(s)/chart(s) which also improves the querying performance!
Do keep in mind that these parameters can be altered/removed by a SSO user with modify access to the dashboard. So in case you are giving edit rights to your users, make sure to always put the filter on the dataset - integration association as well!

Need more information?

Do you still have questions? Let us know how we can help.

Send us feedback!