This documentation supports the 21.05 version of BMC Helix ITSM: Smart Reporting. To view an earlier version, select the version from the Product version menu.

How users are authenticated when accessing embedded reports and dashboards

When the dashboard or report is loaded, you can pass the authentication details to the API by using the following ways:

  • By passing a user name and password
  • By authenticating via web services and passing the login token to the API

These options allow you to use a specific user to load content rather than requiring users to enter their details. For more information, see Basic-embedded-report-JavaScript-parameters-and-examples.

When a report or dashboard is requested through the JavaScript API, the following process is used to authenticate the user:

  • If the user authentication details are passed to the API when a dashboard or report is loaded, those details log the user in.
  • If the user is already logged in to the JavaScript API on the page, the existing login session is used.
  • If the user has previously logged in to the JavaScript API, the user is automatically logged in with the same account.

When a user enters a BMC Helix ITSM: Smart Reporting user name and password to log in to the JavaScript API, a cookie is stored in the browser to remember the login information. The next time the user visits a page that includes a report or dashboard embedded using the JavaScript API, the same user is automatically logged in. This ensures that users do not need to enter their details every time they request a report or dashboard. By default, the cookie is valid for seven days from the last login. A BMC Helix ITSM: Smart Reporting administrator can change this period by setting the External API cookie timeout value through Administration > Configuration > SystemIcon.png (System) > General Settings. To disable the cookie altogether, set the value to 0.

Note

The cookie value stored in the browser is encrypted. When BMC Helix ITSM: Smart Reporting is restarted, all users are required to log in again.

The requested content of a user is not immediately loaded in the following situations:

  • If none of the above conditions are met, the users cannot be logged in, and are prompted to enter the BMC Helix ITSM: Smart Reporting user name and password manually.
  • If the above process authenticates the user, but the user does not have access to the requested content, an error message is displayed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*