Secure your data visualizations with Authenticated Embedding in MongoDB Charts

Now that MongoDB Charts has gotten even more embeddable via the general release of our Embedding SDK, it’s time to get secure and make the most of it by utilizing one of the core new features in the release, Authenticated Embedding.

Many users of MongoDB store sensitive information. And many people use MongoDB to make incredible applications that would benefit from integrated data visualizations of that sensitive information. With that in mind, we’ve provided the ability to integrate embedded charts with a site’s existing authentication system. This ensures that only authenticated users are able to view the embedded charts.

Today, we’re the Sales Manager at Made-Up-Company-Name Inc. We’ve got a lot of data we want to show to our regional managers as charts and tables integrated into our home-grown CRM system. This data is sensitive, so we don’t want it visible to anyone outside the sales team. Furthermore, we want to contextualize it by location: for compliance reasons, it’s important our regional managers don’t have access to data from outside their region so that we can ensure our company abides with the new legislation.

Getting Started

Made-Up-Company-Name is already an avid user of Charts, and already has a dashboard populated with data like so.

You can see our dashboard contains the names and addresses of users. We want to

  • Make sure this data is secure
  • Embed this chart in our CRM
  • Make this data relevant to our regional managers.

So let’s do exactly that!

Secure our Data

Setting up Charts to be ready for authenticated embedding is a simple three-step process.

  1. Enable authenticated embedding on the Chart
  2. Enable authenticated embedding on your Data Source
  3. Create an authentication provider in Charts. Our CRM system already employs Google sign-in across our application, so we’ll create a Google authentication provider to unify our security system.

With this configuration in place, our chart will not render for users who fail to authenticate with one of our authentication providers. Users attempting to render the chart regardless will see an error message indicating the chart failed to render. No peeking!

Embed the Chart

The chart rendering logic inside our CRM will look a bit like this. It’s important to call this logic when we successfully sign in with Google, which can be found on the data-onsuccess HTML field. Get more info from Google's documentation.

import ChartsEmbedSDK from '@mongodb-js/charts-embed-dom';

const id_token = googleUser.getAuthResponse().id_token;

const sdk = new ChartsEmbedSDK({
          baseUrl: "https://charts.mongodb.com/a2e1-f2d3c-pebbp",        
          getUserToken: () => id_token
        });

const chart = sdk.createChart({
  chartId: '6b135aa1-8289-479c-bbe1-81bd2bad91b1',
});
 
// render the chart into a container
chart.render(document.getElementById('chart'))

Making Data Relevant & Compliant

We need to make our application compliant with local data security laws, so we need to restrict regional managers' read access to their local datasets. In order to accomplish this, we’re going to use Injected Filters.

Injected Filters & Google Authentication

With the Google authentication provider, you can protect your Charts via Google sign in. If you have a Google Project Client ID, it’s as simple as sharing that string with Charts and we’ll handle the rest.

Edit CRM Google Auth

And just like that, we’ve made our Chart secure! Now it’s time to make it localized and compliant. Thanks to Charts Injected Filters, you have the power to filter your Charts based on the authentication access token. This is true for any embedding authentication provider.

Made-Up-Company-Name Inc has set up their Google project to utilize custom token fields. More info on that here. For example, let’s create a filter on our Charts data based on the token that’s been authenticated.

This function will take the country field we’ve placed in our Employee’s Google sign-in JWT tokens and use that information to return a filter on the country field in our database. This will remove any document that doesn’t have the same country field as specified in the token.

Now all Charts displayed via this method will have this filter applied! Not only that, but users who lack this custom field in their authorization token won’t be able to see any data. We’ve made our data more secure, and brought value to our regional managers by localizing their data set.

There are hundreds of possible filters and configurations possible by combining Injected Filters and authentication, and that’s just one way our SDK can bring value to your application.

Have a Go

If Made-Up-Company-Name’s challenges are anything like your own, getting started with embedding in MongoDB Charts is easy. You can kick off with Charts for free, simply by signing up for MongoDB Cloud, deploying a free Atlas cluster, and activating Charts. From there, you can learn more by reading our documentation and exploring our embedding example apps, including working examples utilizing Google, Stitch, and JWT authentication providers.

We’d also love to find out more about how our users embed their charts. If you have suggestions on how to improve anything in Charts, use the MongoDB Feedback Engine. We use this feedback to help improve Charts, and figure out where users need help.

← Previous

From Jazz Professional to MongoDB Certified Professional of the Year

Announcing the MongoDB Certified Professional of the Year, Michael Schreier

May 7, 2020
Next →

Using MongoDB Skill Scanner to Build Better Training Programs

Technology leaders know that transformation is about more than just adopting modern technologies like MongoDB. The entire organization has to rally behind change — which is no easy task. The skills that modern development teams need are evolving faster than ever, and hiring to fill skills gaps can be too time-consuming and expensive of a process for many organizations. So it’s imperative that we plan for how we want to bring our people with us on our modernization journey, and proactively upskill them on the technologies we’re betting on. Because what happens if you choose MongoDB, but your developers don’t know how to use it? CIOs know that training programs are easier said than done. EY reported that 30% of CIOs acknowledge that their training programs are ineffective, and that they’re struggling to retain talent because of it. These leaders come to us to help them build and execute their MongoDB training programs , and seek advice on two extremely common yet critical challenges: How do we get away from the less effective one-size-fits-all approach? How do we measure the ROI of our training program and connect it to business impact? How we use MongoDB Skill Scanner to overcome training challenges Our Professional Services team uses a tool called MongoDB Skill Scanner to address both of these challenges. This tool helps us provide these three benefits to our customers looking to build a training program: Improve MongoDB proficiency: Teams can use Skill Scanner to quickly and easily assess the MongoDB skill gaps of their team members and gain a comprehensive understanding of their team’s MongoDB skills baseline. Increased productivity and accuracy: When team members have a comprehensive understanding of MongoDB, they are able to work more quickly and accurately on projects, leading to increased productivity and a higher quality of work. Save time and money with targeted Training: Using Skill Scanner, customers can avoid wasting time and money on trial-and-error learning. Instead, they can focus on improving their skills in a more targeted and efficient way with right-sized training plans. By leveraging this data, our customers’ engineers can engage in the right training at the right time, targeted for their job role and specific skill shortages. When a training program is built this way, engineers maximize their knowledge retention and minimize time away from their projects. Skill Scanner includes three role-based assessments, one for developers, database administrators, and DevOps respectively. Through a series of multiple choice questions, Skill Scanner provides customers with a clear understanding of their level of expertise across a set of technical skills that are critical for success in their role. After submitting the assessment, engineers will get results in each skill area outlining if they are beginner, intermediate, or advanced. Why data-driven training programs matter We’ve learned that it’s not enough to just tell teams to go watch training videos or webinars on their own, or to place everyone in the same one-size-fits-all program. Skills gaps vary from team to team, and individual to individual. The one-size-fits-all approach of some programs may not address individual learners' needs, wasting time and making it difficult for them to acquire new skills. By using Skill Scanner, we’re able to interpret this data to help determine which training courses your team should take. But we don’t only capture this data before doing training; we use Skill Scanner again after training programs are completed to see where immediate improvements have been made. This helps technology leaders prove the impact and ROI of their training, and gives them the confidence that their teams are ready to be successful with MongoDB. Developing a Precision Learning Program To go even further, our team can work with you to build a Precision Learning Program, where we use Skill Scanner data to build learning schedules that are unique to each individual. These schedules include a variety of short, blended, learning events such as classes, technical workshops, self-paced exercises, and project coaching. We’ve seen PLP lead to higher knowledge retention and of course, measurable project results. A customer who recently concluded their PLP saw a 43% increase in knowledge retention. Getting started building a personalized training program Skill gaps aren’t a novel problem IT leaders are facing. But with new digital courses, training, and technologies, the resources to close these gaps are at your fingertips. Skill Scanner and Precision Learning Program have been specifically designed to empower teams by offering targeted training that enhances their understanding of MongoDB. These short training events are carefully crafted to close skill gaps without compromising developer productivity. We’ve seen a variety of customers use this tool to help train their team’s individual needs, from needing to upskill new hires on their teams, projects with new MongoDB products, migrating to MongoDB Atlas, and more. It also saves your business the hours developers would've wasted searching for answers (and developers don’t want to spend their time that way, either). “We need help getting from point A to point B and feel MongoDB is uniquely positioned to help” — CTO at large insurance firm If you're interested in trying out MongoDB Skill Scanner or want to explore the MongoDB Precision Learning Program further, you can reach out to your account representative or contact us directly .

June 7, 2023