How to Embed Looker Dashboard

Embedding a Looker dashboard into your website or a different application is one of the most effective ways to share live, interactive data where your team or customers already work. It turns passive analytics into an active part of your workflow. This guide breaks down the different ways you can embed Looker content and provides step-by-step instructions for each method.

Graphed

Your AI Data Analyst to Create Live Dashboards

Connect your data sources and let AI build beautiful, real-time dashboards for you in seconds.

Build Your First Dashboard

Why Embed Looker Dashboards in the First Place?

Before jumping into the "how," let's quickly cover the "why." You might think sending a link to a dashboard is enough, but embedding offers unique advantages that a simple URL can't match.

• In-Context Insights: Instead of making users switch tabs and log into another tool, you bring the data directly to them. This could be placing a sales performance dashboard inside your Salesforce portal, showing user engagement stats in your internal product tool, or displaying KPIs on a public-facing website.
• A More Seamless Experience: Embedding retains the look and feel of your own application. It creates a unified experience where data is a natural component of the user's workflow, not a disconnected, third-party report they have to go find.
• Enhanced Security and Control: You can precisely control who sees what data. This is especially powerful when embedding for external clients, as you can filter the dashboard to show only the data relevant to that specific user, ensuring privacy and relevance.
• Data Monetization: If you run a SaaS company, you can offer client-facing analytics as a premium feature. This "powered by Looker" approach lets you provide valuable insights to your customers directly within your own product without building an entire analytics engine from scratch.

Understanding Your Looker Embedding Options

Looker provides three primary methods for embedding, each designed for different use cases and levels of security. Choosing the right one is critical for a successful implementation.

1. Public Embedding

This is the simplest and quickest way to embed Looker content. A public URL makes the dashboard available to anyone who has the link, without requiring them to log in to Looker. The embedded content is displayed within an iframe on your webpage.

• When to use it: Perfect for sharing non-sensitive data on a public website, a public-facing blog, or a company-wide wiki where login credentials aren't practical. Think of embedding a map of website visitors or a public dashboard tracking industry trends.
• Security note: Be extremely cautious with this method. Anyone with the URL can view the data, so only use it for information that is truly intended for public consumption.

2. Private Embedding

Private embedding is a step up in security. The content is still embedded via an iframe, but anyone trying to view it must be an existing Looker user and will be prompted to log in to their Looker account. If they aren't logged in, they'll see a login screen right inside the iframe.

• When to use it: Ideal for internal-facing applications like team dashboards in a company portal or an intranet site where all viewers are already Looker users. It saves them the step of navigating to Looker but maintains your existing security protocols.

AI for Data Analysis

Crash Course

Graphed

Free PDF Guide

AI for Data Analysis Crash Course

Learn how to get AI to do data analysis for you — the best tools, prompts, and workflows to go from raw data to insights without writing a single line of code.

Download Free Guide

3. SSO (Single Sign-On) Embedding

SSO embedding is the most secure, flexible, and seamlessly integrated method. It is the gold standard for embedding dashboards in customer-facing applications or secure internal portals. With SSO embed, users authenticate through your application, not Looker. Your application generates a special, signed URL that tells Looker who the user is, what permissions they have, and what data they can see. The user never needs a separate Looker account, creating a truly frictionless experience.

• When to use it: Use SSO when embedding analytics for your customers in your SaaS product, for partners in a secure portal, or for any scenario where you need granular, row-level data security and a branded experience.

How to Embed a Looker Dashboard: A Complete Guide

Now, let's walk through the setup process for each method. The first two are straightforward, while SSO embedding requires a more technical setup on your server.

Method 1: Publicly Embedding a Dashboard

Follow these steps to create a simple, public embed iframe.

1. Admin Setup: A Looker administrator must first enable public sharing. This is done by going to Admin > Platform > Embed > Public URLs and enabling the feature.
2. Access Your Dashboard: Navigate to the saved Looker dashboard you want to share.
3. Get the Embed URL: Click the gear icon (or three-dot menu) in the top right corner of the dashboard and select "Get embed URL."
4. Generate the Public Code: In the window that appears, click on the "Public Access-Unsecured" tab. This will generate the iframe code for you.
5. Copy and Paste: Copy the entire iframe code snippet and paste it into the HTML of your website or application where you want the dashboard to appear.

The code will look something like this:

<pre><code>&lt,iframe src="https://yourlookerinstance.looker.com/embed/dashboards/123?theme=theme_name" width="600" height="400" frameborder="0"&gt, &lt,/iframe&gt,</code></pre>

Method 2: Privately Embedding a Dashboard

This process is very similar to public embedding but points to a different URL that forces a login.

1. Navigate to Your Dashboard: Open the dashboard you wish to embed.
2. Get the Embed URL: As before, click the gear/menu icon and select "Get embed URL."
3. Copy the Private Code: By default, the menu will show the private "Embed URL." Simply copy this URL or the entire iframe snippet. It will look identical to the public one but without the word public in the path.
4. Embed in Your Application: Paste the code into your application. When users visit the page, the iframe will display a Looker login screen if they aren't already authenticated.

Graphed

Your AI Data Analyst to Create Live Dashboards

Connect your data sources and let AI build beautiful, real-time dashboards for you in seconds.

Build Your First Dashboard

Method 3: Setting Up SSO Embedding

This method is more involved and typically requires a developer who can write server-side code. This process ensures the entire authentication flow is secure and cannot be manipulated by end-users.

Step 1: Enable SSO Embedding in Looker

First, an admin needs to enable the feature and secure your embed secret.

• Navigate to Admin > Platform > Embed > SSO Authentication.
• Toggle the switch to "Enabled."
• Looker will provide an "Embed Secret." Copy this and store it securely on your server. Never expose this secret in client-side code (like JavaScript in a web browser).

Step 2: Construct the SSO URL on Your Server

This is the core of the process. Your server-side code (e.g., Python, Ruby, Node.js) needs to dynamically build a URL for each user who is viewing the dashboard. This URL contains parameters that describe the user and is signed with your Embed Secret to prevent tampering.

Here are the essential parameters you'll need to define:

• external_user_id: A unique identifier for the user from your application's database (e.g., "user-54321").
• permissions: An array of permissions defining what the user can do (e.g., ["access_data", "see_user_dashboards", "download_with_limit"]).
• models: An array of the LookML model names the user can access (e.g., ["core_analytics", "marketing_data"]).
• user_attributes: This is how you enforce row-level security. It's a key-value object linking back to your LookML. For example, you can pass {"company_id": "acme-corp", "region": "North America"} to filter the dashboard data automatically for that user.
• session_length: The duration in seconds that the session will be valid.
• nonce: A unique, random string used once to prevent replay attacks. This is often a timestamp plus a random number.
• time: The current time as a Unix timestamp.

Step 3: Generate the Signature

To prove the URL is legitimate, you must sign it. The process is:

1. Construct a specific "string to sign" by combining the host, path, and all parameters in alphabetical order.
2. Use an HMAC-SHA1 algorithm to hash that string using your Embed Secret from Step 1.
3. Base64-encode the result. This final value is your signature.

This is a complex step, and Looker provides SDKs and example code in various languages to help you build the URL and generate the signature correctly.

Step 4: Create the final iframe

Your server-side code will then assemble the full URL and pass it to your front-end. The full iframe might look something like this, with a very long, signed URL:

<pre><code>&lt,iframe src="https://yourserver.com/api/get-looker-url" ...&gt,&lt,/iframe&gt,</code></pre>

The src here would point to an endpoint on your server that returns the signed URL, or the server would render the page with the full signed URL already in place. Your application handles the login, constructs the URL in the background, renders the iframe, and the user sees a perfectly filtered, interactive dashboard without ever knowing Looker is involved.

AI for Data Analysis

Crash Course

Graphed

Free PDF Guide

AI for Data Analysis Crash Course

Learn how to get AI to do data analysis for you — the best tools, prompts, and workflows to go from raw data to insights without writing a single line of code.

Download Free Guide

Best Practices for Embedded Analytics

Embedding dashboards is powerful, but a bad implementation can lead to slow load times and security risks. Keep these tips in mind:

• Prioritize Performance: Don't try to embed dashboards with dozens of complex data tiles. Each tile is a separate query. For embedded content, focus on showing only the most critical information to keep load times fast.
• Use Theming: In Looker, you can create custom themes (Admin > Platform > Themes) to control the colors, fonts, and general appearance of your embedded dashboards. This helps them blend seamlessly with your application's design.
• Leverage the Embed SDK: For advanced use cases, Looker offers a JavaScript Embed SDK. This allows your parent application to communicate with the embedded dashboard. For example, you could have a search box on your application's page that dynamically updates the filters in the embedded Looker dashboard.
• Never Expose Your Embed Secret: This bears repeating. The SSO embed secret should be treated like any other sensitive API key or database password. It should only live in a secure server-side environment.

Final Thoughts

Embedding dashboards from a tool like Looker provides a fantastic way to deliver in-context analytics, empowering users to make data-driven decisions directly within their day-to-day applications. Whether you’re using a simple public embed or a fully secure SSO implementation, the key is to bring the insights to where the action is.

For many teams, however, the technical complexity and setup time for tools like Looker act as a roadblock. We built Graphed for this exact reason. Instead of navigating layers of admin settings and writing server-side scripts for embedding, we offer a more modern approach. You connect data sources like Shopify or Google Analytics in seconds and use simple, natural language to build and automatically update powerful dashboards. It's the easiest way to give your entire team the answers they need without the traditional BI learning curve or development overhead.