Getting started with embedding — enabling signed embedding
Stay organized with collections
Save and categorize content based on your preferences.
Signed embedding is a way to present private embedded Looks, visualizations, Explores, dashboards, or LookML dashboards to your users without requiring them to have a separate Looker login. Instead, users will be authenticated through your own application.
Before you can use signed embedding on your Looker instance, you must enable signed embedding in the Looker Admin panel and then create an embed secret. The embed secret validates that a signed embedding request is legitimate and hasn't been forged by someone else. To enable signed embedding, follow these steps:
In the Admin section of Looker, navigate to the Embed page.
In the Embed SSO Authentication drop-down, if the option is set to Disabled select Enabled and then click Update.
Looker will display additional Embed options.
To generate your embed secret key, select the Set Secret button in the Embed Secret section.
If your application will be using JavaScript events passing to communicate between the iframe where Looker is embedded and the parent application, add the domain name of your parent application to the Embedded Domain Allowlist field.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Getting started with embedding — enabling signed embedding\n\n| **Note:** If you are using a Looker (Google Cloud core) instance, to enable signed embedding you must use the Embed edition of Looker (Google Cloud core). If you are using a Looker (original) instance, signed embedding must be enabled for your instance. [Contact a Google Cloud sales specialist](https://cloud.google.com/contact) to enable this feature.\n\n[Signed embedding](/looker/docs/2512/single-sign-on-embedding) is a way to present private embedded Looks, visualizations, Explores, dashboards, or LookML dashboards to your users without requiring them to have a separate Looker login. Instead, users will be authenticated through your own application.\n\nBefore you can use signed embedding on your Looker instance, you must enable signed embedding in the Looker Admin panel and then create an embed secret. The embed secret validates that a signed embedding request is legitimate and hasn't been forged by someone else. To enable signed embedding, follow these steps:\n\n1. In the **Admin** section of Looker, navigate to the **Embed** page.\n| **Note:** You must be a [Looker admin](/looker/docs/2512/admin-panel-users-roles#default_roles) or have the [`manage_embed_settings` permission](/looker/docs/2512/admin-panel-users-roles#manage_embed_settings) to view the **Embed** page.\n2. In the **Embed SSO Authentication** drop-down, if the option is set to **Disabled** select **Enabled** and then click **Update**.\n3. Looker will display additional **Embed** options.\n4. To generate your embed secret key, select the **Set Secret** button in the **Embed Secret** section.\n| **Important:** Be sure to copy the embed secret key to a secure location. You won't be able to retrieve the key from Looker again without resetting it. Resetting the embed secret key will break any embeds that used the old key.\n| **Important:** Any user, with any permission level, who has access to the secret key can create a URL to access any model that the Looker instance is connected to. [Protect the signed embed secret](/looker/docs/2512/security-best-practices-embedded-analytics#single_sign-on_embedding) as you would admin credentials to your embedded Looker instance, and keep signed embedding disabled if you're not using it.\n5. If your application will be using [JavaScript events](/looker/docs/2512/embedded-javascript-events) passing to communicate between the iframe where Looker is embedded and the parent application, add the domain name of your parent application to the **Embedded Domain Allowlist** field."]]
