Data Portal
The Satori Data Portal enables data consumers to gain access to data in data stores by requesting access to datasets. Once access has been granted, they receive the data store connection details and credentials.
Setting Up the Data Portal
Follow the steps below to deliver the best user experience to your data consumers.
1 - Configure Single Sign-On (SSO)
To enable data consumers to easily access the Data Portal, configure SAML-based single sign-on (SSL) to the Satori Management Console. Perform the following steps to enable SSO in the Satori Management Console: Single Sign-On Chapter.
To enable data consumers to access the Data Portal, assign them to the Satori app you created in your identity provider.
When data consumers access the Data Portal for the first time, a user will be automatically created for them in the Satori Management Console and they will be assigned the Data Consumer role.
2 - Settings the Default Credentials Expiration
The Data Store access credentials have a preconfigured expiry date that is set in the management console by the data steward. The default credentials expiration time is set to eight hours.
Note: You can set expirations on a per-user or per-group basis:
3 - Customize the Data Portal Theme
Customize the user access request forms and the Data Portal interface according to your organization's theme. The customizable elements include company logo, primary and secondary colors.
To customize the Data Portal interface theme perform the following steps:
- Select the "Settings" list menu from the kebab menu on the right side of the application banner
- Select the "Account Custom Theme" tab.
- Enable the "Custom Theme" toggle switch
- Select the "primary and secondary" organization colors.
- Upload your company logo (use a png file format and ensure that it has a transparency layer for best results).
4 - Configure Datasets to be Displayed in the Data Portal
The Data Portal only displays datasets that data consumers are entitled to use. The list of available datasets varies according to the data consumer's identity and the list of access rules defined on each dataset.
To add a Satori Dataset to the Data Portal perform the following configurations for each Dataset:
- First click on the relevant Dataset in the Dataset view.
- Select the "User Access Rules" tab.
- Enable the
Give Satori Control Over Access to the Dataset
toggle switch. - Add users and groups to this Dataset. These users and groups will then see this Dataset in the Satori Data Portal. In the following screenshot, any member of "Data Science Team" and "Satori Preauthorized" will see the Dataset "Example Dataset" in the Satori Data Portal:
- In addition to allowing instant access, your Satori Dataset can also include request rules and self-service rules. Using the above example as well as the following screenshot:
- Users who are a member of the "Data Science Team" group normally have read only access to this Dataset, but they can request "read/write" access for 30 days, and
- Users who are a member of the "Satori Preauthorized" group normally have read-write access, but they can request full access for 30 days:
- The specified users and groups will have access to this Satori Dataset with their default access rules, but can request "Elevated Access" by clicking on the gear icon which will open the following commands:
- They can then select the elevated access policy that they desire, which will start a manual or an automatic approval process, depending on the rule type (access request versus self-service):
For more information on datasets, see the Datasets Chapter.
5 - Configure Data Store Authentication (Optional)
Satori can provision temporary credentials for data consumers for supported data stores. This simplifies the process of managing users on databases or configuring single sign-on using your identity and cloud providers.
When a user connects to a data store, Satori authenticates and validates the user's Satori credentials. If the credentials are valid, Satori uses these predefined credentials to connect to the data store.
This is a very powerful feature which results in not having to maintain users/passwords directly in your database. Instead, all of the credentials are managed solely by the Satori platform.
Note: This feature is available for all supported database types except Snowflake.
Enabling Data Store Authentication
To enable data store authentication perform the following steps:
- Go to the Data Store view and click on the PostgreSQL Data Store name.
- Select the Authentication tab.
- Check the Root Credentials checkbox
- Enter the username and password to use to connect to the data store. Satori stores credentials in encrypted form.
- Click SAVE.
Note: Enabling data store authentication does not impact existing authentication methods including local database users.
6 - Configuring the Slack Integration (Optional)
To learn how to set up the Slack integration follow the steps in the Slack Integration.
Once the Slack integration is enabled, you can use Slack in addition to using the Data Portal to make dataset access requests.
Opening the Data Portal
The Data Portal is the homepage for data consumers. For other users, to open the Data Portal go to the kebab menu located on the right side of the Satori application banner and select the "Data Portal" option from the drop menu.