CONCEPT Cited by 1 source
Embedded analytics¶
Embedded analytics is the pattern of serving BI dashboards and reports inside a host application's user experience — typically via an iframe or SDK widget — rather than as a separate standalone BI tool. The end user never leaves the host app to see analytics; the host app authenticates them once and passes them into the embedded context.
Compare with standalone BI: users click out of the operational app into Tableau, Looker, QuickSight, etc., log in separately, navigate to the right dashboard, and cross-reference.
Why host applications embed¶
- Workflow continuity. Users already in an ERP / CRM / support app need analytics in context (the same account row they're looking at). Switching tools breaks flow.
- Single sign-on + authorization. The host app already knows who the user is and what they're entitled to see. Embedded analytics lets the BI layer inherit that context rather than re-authenticate.
- Branding / UX consistency. Dashboards inside the host app look like part of the product, not a bolted-on third-party tool.
Architectural primitives¶
- Per-viewer signed embed URL. The host app's backend mints a short-lived signed URL keyed to the specific viewer (see concepts/signed-embed-url). The iframe loads that URL; the BI provider enforces authorization against the embedded token.
- Role-to-permission mapping. The host app's identity model (roles, groups, tenant IDs) is mapped at URL-mint time into the BI provider's permission model — often with concepts/row-level-security filters baked into the URL so the viewer sees only their authorized rows.
- CORS + domain registration. The BI provider must be configured to allow iframe embedding from the host app's domain; the host app's CSP must allow the BI provider as an iframe source.
- Rate limiting. The embed-URL-minting endpoint is a backend API that runs on every dashboard load; it needs the same back-pressure + throttling as any other frontend-facing API.
Seen in¶
- sources/2026-04-21-aws-oldcastle-infor-aurora-quicksight-real-time-analytics
— canonical wiki instance. Oldcastle embeds
QuickSight dashboards inside
Infor OS via an API Gateway + Lambda layer that validates
Infor session tokens and calls QuickSight's
GenerateEmbedUrlForRegisteredUser— canonicalised as patterns/signed-embed-url-with-role-mapping. Users access analytics without leaving the ERP interface.