Skip to content

Data Portal

The Satori Data Portal enables data consumers to gain access to data in data stores by requesting access to datasets. Once access has been granted, they receive the data store connection details and credentials.

Screenshot

Setting Up the Data Portal

Follow the steps below to deliver the best user experience to your data consumers.

1 - Configure Single Sign-On (SSO)

To enable data consumers to easily access the Data Portal, configure SAML-based single sign-on (SSL) to the Satori Management Console. Perform the following steps to enable SSO in the Satori Management Console: Single Sign-On Chapter.

To enable data consumers to access the Data Portal, assign them to the Satori app you created in your identity provider.

When data consumers access the Data Portal for the first time, a user will be automatically created for them in the Satori Management Console and they will be assigned the Data Consumer role.

2 - Setting up Authentication Options

To setup your account with the ability to provide your data consumers with temporary credentials for requesting access to data and enabling personal access tokens for creating permanent connections to data stores perform the following configurations:

  1. Temp Credentials Settings - The Data Store access credentials have a preconfigured expiry date that is set in the management console by the data steward. The default credentials expiration time is set to eight hours.

Note: You can set expirations on a per-user or per-group basis:

Screenshot 2. Personal Access Tokens - Personal access tokens are used for permanent connections to data stores. Enable personal access tokens for this account and enable data consumers to create and maintain their own PATs from the Data Portal.

Screenshot

3 - Customize the Data Portal Theme

Customize the user access request forms and the Data Portal interface according to your organization's theme. The customizable elements include company logo, primary and secondary colors.

To customize the Data Portal interface theme perform the following steps:

  1. Select the Settings list menu from the kebab menu on the right side of the application banner
  2. Select the Account Custom Theme tab.
  3. Enable the Custom Theme toggle switch
  4. Select the Data Portal Background Color
  5. Select the Primary and Secondary organization colors.
  6. Upload your Company Logo and use a png file format and ensure that it has a transparency layer for best results. (see inline file format size and configuration parameters).

Screenshot

4 - Configure Datasets to be Displayed in the Data Portal

The Data Portal only displays datasets that data consumers are entitled to use. The list of available datasets varies according to the data consumer's identity and the list of access rules defined on each dataset.

To add a Satori Dataset to the Data Portal perform the following configurations for each Dataset:

  1. First click on the relevant Dataset in the Dataset view.
  2. Select the User Access Rules tab.
  3. Enable the Give Satori Control Over Access to the Dataset toggle switch.
  4. Add users and groups to this Dataset. These users and groups will then see this Dataset in the Satori Data Portal.

In the following screenshot, any member of the "Data Science Team" and "Satori Preauthorized" will see the Dataset called "Example Dataset" in the Satori Data Portal:

Screenshot

In addition to allowing Instant Access, your Satori Dataset can also include Access Request Rules and Self-Service Rules.

  1. Access Request Rules - Users who are a member of the Data Science Team group normally have read only access to this Dataset, but they can request read/write access for 30 days. Screenshot

  2. Self Service Rule - Users who are a member of the Satori Preauthorized group normally have read-write access, but they can request full access for 30 days: Screenshot

Defining Specific User Access Approver

When creating a user access rule you can define specific approvers, multiple approvers, a group or the user direct manager. These approvers overrides the default access approvers for the dataset.

Screenshot

Pre-defined Data Access Purpose

Satori enables you easily provide your data consumers with a list of pre-defined purposes to select from when requesting access to data. Specify whether data consumers need to provide a specific reason when selecting this purpose.

Activating the User Reasons in the Data Portal

To activate the USer Reason Required in teh Data Portal just toggle the rule on or off.

Screenshot

The Data Portal Interface

When one of your data consumers enters the Data Portal they are granted the default Data Access Level, they can then change the access level if required.

A. The specified users and groups has access to a Dataset with their default access rules,they can request Elevated Access by clicking on the gear icon which will open the following commands:

Screenshot B. They can then select the access policy that they require, which will start a manual or an automatic approval process, depending on the rule type access request versus self-service:

Screenshot

IMPORTANT: For more information about datasets, refer to the Datasets Chapter.

5 - Configure Data Store Authentication (Optional)

Satori provides you with the ability to provision temporary credentials and personal access tokens for data consumers for supported data stores.

This simplifies the process of managing users on databases or configuring single sign-on using your identity and cloud providers.

Data Store Authentication

When a user connects to a data store, Satori authenticates and validates the user's Satori credentials. If the credentials are valid, Satori uses these predefined credentials to connect to the data store.

This is a very powerful feature which results in not having to maintain users/passwords directly in your database. Instead, all of the credentials are managed solely by the Satori platform.

Satori Authentication is supported for the following data store types: PostgreSQL, SQL Server, AWS Redshift, AWS Athena, MySQL, Greenplum, S3, MongoDB, Snowflake, CockroachDB.

Enabling Data Store Authentication

To enable your data consumers to use temp credentials and personal access tokens you must activate these features for each of your data stores.

  1. Go to the Data Stores view and select a data store to configure.
  2. Select the Authentication tab.
  3. Turn on the Root Credentials Toggle switch.
  4. Enter the username and password used to connect to the data store. Satori stores credentials in an encrypted form.
  5. To enable Personal Access Tokens for the data store turn on the toggle switch.
  6. Click SAVE.

Screenshot

Note: Enabling data store authentication does not impact existing authentication methods including local database users.

6 - Configuring the Slack Integration (Optional)

To learn how to set up the Slack integration follow the steps in the Slack Integration.

Once the Slack integration is enabled, you can use Slack in addition to using the Data Portal to make dataset access requests.

Opening the Data Portal

The Data Portal is the homepage for data consumers. For other users, to open the Data Portal go to the kebab menu located on the right side of the Satori application banner and select the "Data Portal" option from the drop menu.

Screenshot