How Authentication Works in Embedded Bold Reports Using a Single Server Account (Without Importing Users)
Imagine your application already serves 2,000 users, and you onboard 100 additional users. How do these users gain access to embedded reports without manual setup in Bold Reports? Here’s the process:
Step 1: Your Application Owns Identity Management
Your application is the single source of truth for user identities, roles, and permissions. Bold Reports does not require you to create or synchronize individual users. When new users join—whether it’s 100 or 1,000—they remain in your application’s user database or identity provider. No changes are needed in Bold Reports, as your app fully controls who the user is and what they can access.
Bold Reports requires at least one valid user account to generate tokens. Typically, this is a shared service account. The actual user context is passed through the token.
Step 2: Token-Based Authentication
When a user opens a report, your backend generates an embed token using the Bold Reports Authentication API.
This token acts as a secure credential and can include:
- A valid Bold Reports service account (email and password)
- Optional report parameters
- Optional custom attributes (e.g., userId, role, region)
These attributes enable a personalized reporting experience and help enforce data‑level security policies.
For user-specific reporting scenarios, you must use username‑ and password‑based embed token generation.
Step 3: Example – User Alice’s Access Flow
Scenario: Alice logs in and opens a report.
Process:
- Your backend requests a Bold Reports access token using a service account.
- Your frontend initializes the Report Viewer with that token.
- Bold Reports renders Alice’s personalized data using attributes in the token.
Sample Token:
{
  "userId": "Alice123",
  "role": "Manager",
  "filters": { "region": "North" }
}
Step 4: Row-Level Security
Bold Reports applies filters and parameters from the token during report execution.
For example, if Alice is a Manager, your app adds region="North" to the token, ensuring Alice only sees North-region data.
Filter data based on Parameter in Report
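Because every user shares one service account, Bold Reports renders whatever attributes your backend puts in the token, so those attributes must come from your application's authenticated session and not from the browser. The sketch below is an added example, not Bold Reports code: the user store, the allow-listed parameter names, and the `parameters` key are assumptions, while the attribute shape follows the sample token above.

```python
# Added example; the names below are assumptions, not Bold Reports APIs.

# Constructed stand-in for your application's user store (Step 1).
APP_USERS = {
    "Alice123": {"role": "Manager", "region": "North"},
    "Bob456": {"role": "Manager", "region": "South"},
}

# Hypothetical report parameters a browser is allowed to choose itself.
CLIENT_SETTABLE_PARAMS = {"year", "quarter"}


class AccessDenied(Exception):
    """Raised when the request must not result in a token."""


def build_token_attributes(session_user_id, client_params=None):
    """Build per-user attributes in the shape of the page's sample token.

    session_user_id comes from the application's authenticated session,
    never from the request body. client_params is untrusted browser input.
    """
    user = APP_USERS.get(session_user_id)
    if user is None:
        raise AccessDenied("unknown or unauthenticated user")

    client_params = client_params or {}
    # Reject anything outside the allow-list, so a browser cannot send its
    # own userId, role, region or filters and widen what it sees.
    rejected = set(client_params) - CLIENT_SETTABLE_PARAMS
    if rejected:
        raise AccessDenied(f"client may not set: {sorted(rejected)}")

    return {
        "userId": session_user_id,
        "role": user["role"],
        "filters": {"region": user["region"]},  # row-level filter (Step 4)
        "parameters": dict(client_params),      # hypothetical key
    }
```

Pass the returned attributes to your token request on the backend only; the service account's email and password never need to reach the frontend.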
Step 5: Seamless Scalability
Onboarding new users—whether it’s 100, 500, or any number your application requires—needs no configuration changes in Bold Reports.
Your application simply issues tokens for each user, allowing them instant access to embedded reports.
Step 6: Permissions
Your application enforces view/edit permissions using the Bold Reports Server API:
- Retrieve available reports
- Restrict access by role or group
- Manage permissions dynamically
Bold Reports simply renders reports based on the token—it does not manage per-user permissions internally.