Demo TagoRUN user

x.crespo · March 2, 2022, 4:41pm

Hello. I’m trying to create a “demo” user that can access a few dashboards we are using to showcase our products.

I can easily configure the access permisions, however the problem I’m having is that this user coud change the account settings while in the TagoRUN platform (for instance, they can change the password even if they don’t know the current one). Is there any other way to share a few dashboards publicly (not a single one)?

Best regards.

vitor · March 7, 2022, 1:48pm

Hi Xabi,

You can share publicly any Normal Dashboard, as the normal dashboards don’t need access policies and all devices are synchronized with the dashboard directly into the widget. In this case, is good to know that there is no whitelabel available.

For Blueprint dashboards, the only way is by having users and sharing the username/password. You can complains about the password makes total sense to me, and I’ll bring that to our developers, so user needs to enter existing password in order to change. But this wouldn’t fix the issue you have, as the users would have the password in order to login to the account anyway.

The best solution for the moment, would be to write an Analysis that changes the password of the user back to the original, if anyone tries to edit it. You can do that by creating a Action of type resource to run your analysis, and as trigger you can select to run everytime user is edited.

The analysis would be very simple, like this:


const { Analysis, Account } = require('@tago-io/sdk');

// The function myAnalysis will run when you execute your analysis
function myAnalysis(context, scope) {
  const account = new Account({ token: 'Your-account-token' });

  // get the user ID that was updated
  const { id } = scope[0];

  const result = account.run.userEdit(id, { password: 'password for the user' });
  console.info(result);
}

module.exports = new Analysis(myAnalysis);

x.crespo · March 8, 2022, 11:51am

Thanks Vitor, let me know if this changes.

You’ve made a good point claiming that the user would need to have the password to log in. However, we intended to use something like https://COMPANY_ID.run.tago.io/auth/login?bytoken=USER_TOKEN. That’s what the button “Log in as this user” does. Would that work?

vitor · March 8, 2022, 5:57pm

In order to login yes, it would work.

The problem is that the TagoRUN token always have a TTL, there is no option for a token that never expires. You can change the TTL of the tokens on TagoRUN, but this option is not currently available in the admin UI.

In order to change the TTL, and it will apply to all users of the TagoRUN, you need to edit your TagoRUN using the API.

PUT- https://api.tago.io/run
HEADERS

Authorization: Your account-token from the profile settings.

BODY

{ auth_token_ttl: "3 months" }

I highly recommend backing up your RUN JSON when doing changes to the RUN settings through API. You can perform a GET to the same route to get the JSON.

Default TTL is 3 months.