Channels

Introduction

Cockpit Channels page

Security is a fundamental element to consider when giving access to your personal data - that's done through Cockpit Channels, a service that ensures permission control and authorization in accessing your personal data from third-party providers, without exposing any user credentials.

This is how it works:

You connect different cloud accounts (referred to as channels) to your Cockpit account - the following are currently supported: Google, Flickr, Microsoft Azure, Yammer.
You add players into your Cockpit account so that they can get the authorization from Cockpit to access your channels.
You register your Elementi license into Cockpit so that it can get the authorization from Cockpit to access your channels.
You create content using data-driven widgets that display real-time data retrieved from your channels, in a secured manner.

Connect account

When configuring a data-driven widget, you are usually guided to connect a new account directly from Elementi. If you want to add a channel directly from Cockpit, follow these steps:

Log into your Cockpit account.
Click the "Channels" link on the top menu.
Click on the icon of the channel you want to link to your account.
- You are being redirected to the provider’s own website, where you authenticate yourself, and then you confirm which permissions you give to the SpinetiX app.
- Once you authorize the SpinetiX app to access your data on your behalf, you are redirected back to Cockpit.
Done - you can find the new account on the channels list.

Reauthorize account

Third-party data providers are having different policies when it comes to reauthorizing the access to personal data. In most of the cases, Cockpit takes care of this reauthorization transparently. However, there are cases when that is not possible and your intervention is necessary - for instance, if you are using double-factor authorization with your Office 365 account, you'll need to manually reauthorize the Microsoft channel every 14 days. In some cases, the provider might also reveal an expiration data, which is listed next to the channel.

To manually reauthorize an account, follow these steps:

Log into your Cockpit account.
Click the "Channels" link on the top menu.
Find the account you want / need to reauthorize.
Click the "Re-authorize" button.
- You are being redirected to the provider’s own website, where you authenticate yourself, and then you confirm which permissions you give to the SpinetiX app.
- Once you authorize the SpinetiX app to access your data on your behalf, you are redirected back to Cockpit.

Note:

Failing to reauthorize a channel will lead to data no longer showing on the screen, as the player will lose access to the data.

Disconnect account

At any time, you can disconnect any third-party data provider account and thus prevent access to your data to all players registered into your account. To do that, follow these steps:

Log into your Cockpit account.
Click the "Channels" link on the top menu.
Find the account you want to disconnect.
Click the "Disconnect" red button.
Done - the channel is removed from the list and the players will stop showing data from that provider.

Security notes

Cockpit doesn't store any credentials for third-party cloud accounts - while authorizing the SpinetiX app to contact third-party cloud accounts on your behalf, you are being redirected to the provider’s own website, where you authenticate yourself and confirm which permissions you give to the SpinetiX app; then you are sent back to Cockpit. During this process, your login information is never shared with Cockpit. This is part of IT security best practices and is designed to protect privacy.
Cockpit doesn't retrieve, nor stores, any of your personal data from third-party servers. It is just playing the role of a "police officer" giving authorizations (i.e., security tokens) to players and Elementi users to request data from the cloud on your behalf.
- To get data from the cloud, the players first make a call to Cockpit to get the authorization to contact that channel. Cockpit checks whether the player and the channel are linked together and, if so, it will give permission (i.e., security token) to the player to request the data from that cloud account.
- The same goes for Elementi users - Cockpit checks whether the Elementi license and the channel are linked together and, if so, it will give permission to request the data from that cloud account.
At any time, you can disconnect any third-party data provider account and thus prevent access to your data to all players. Or you can remove a particular player from your Cockpit account and that player will no longer have access to your private data.

Third-party data providers are using OAuth 2.0 protocol for authorization. Once you authorize the SpinetiX app to access your data on your behalf, the provider service generates a master app token, that is stored by Cockpit and later used to generate short-lived access tokens for the players. This is a security feature which guarantees that if one of the access tokens is compromised in any way, it can’t be exploited after 15 minutes.