Channels

From SpinetiX Support Wiki

Jump to: navigation, search

Introduction

Cockpit Channels page

Security is a fundamental element to consider when giving access to your personal data - that's done through Cockpit Channels, a service that ensures permission control and authorization in accessing your personal data from third-party providers, without exposing any user credentials.

This is how it works:

Connect account

When configuring a data-driven widget, you are usually guided to connect a new account directly from Elementi. If you want to add a channel directly from Cockpit, follow these steps:

  1. Log into your Cockpit account.
  2. Click the "Channels" link on the top menu.
  3. Click on the icon of the channel you want to link to your account.
    • You are being redirected to the provider’s own website, where you authenticate yourself, and then you confirm which permissions you give to the SpinetiX app.
    • Once you authorize the SpinetiX app to access your data on your behalf, you are redirected back to Cockpit.
  4. Done - you can find the new account on the channels list.

Reauthorize account

Third-party data providers are having different policies when it comes to reauthorizing the access to personal data. In most of the cases, Cockpit takes care of this reauthorization transparently. However, there are cases when that is not possible and your intervention is necessary - for instance, if you are using double-factor authorization with your Office 365 account, you'll need to manually reauthorize the Microsoft channel every 14 days. In some cases, the provider might also reveal an expiration data, which is listed next to the channel.

To manually reauthorize an account, follow these steps:

  1. Log into your Cockpit account.
  2. Click the "Channels" link on the top menu.
  3. Find the account you want / need to reauthorize.
  4. Click the "Re-authorize" button.
    • You are being redirected to the provider’s own website, where you authenticate yourself, and then you confirm which permissions you give to the SpinetiX app.
    • Once you authorize the SpinetiX app to access your data on your behalf, you are redirected back to Cockpit.
Note Note:
Failing to reauthorize a channel will lead to data no longer showing on the screen, as the player will lose access to the data.

Disconnect account

At any time, you can disconnect any third-party data provider account and thus prevent access to your data to all players registered into your account. To do that, follow these steps:

  1. Log into your Cockpit account.
  2. Click the "Channels" link on the top menu.
  3. Find the account you want to disconnect.
  4. Click the "Disconnect" red button.
  5. Done - the channel is removed from the list and the players will stop showing data from that provider.

Security notes

  • Cockpit doesn't store any credentials for third-party cloud accounts - while authorizing the SpinetiX app to contact third-party cloud accounts on your behalf, you are being redirected to the provider’s own website, where you authenticate yourself and confirm which permissions you give to the SpinetiX app; then you are sent back to Cockpit. During this process, your login information is never shared with Cockpit. This is part of IT security best practices and is designed to protect privacy.
  • Cockpit doesn't retrieve, nor stores, any of your personal data from third-party servers. It is just playing the role of a "police officer" giving authorizations (i.e., security tokens) to players and Elementi users to request data from the cloud on your behalf.
    • To get data from the cloud, the players first make a call to Cockpit to get the authorization to contact that channel. Cockpit checks whether the player and the channel are linked together and, if so, it will give permission (i.e., security token) to the player to request the data from that cloud account.
    • The same goes for Elementi users - Cockpit checks whether the Elementi license and the channel are linked together and, if so, it will give permission to request the data from that cloud account.
  • At any time, you can disconnect any third-party data provider account and thus prevent access to your data to all players. Or you can remove a particular player from your Cockpit account and that player will no longer have access to your private data.
Third-party data providers are using OAuth 2.0 protocol for authorization. Once you authorize the SpinetiX app to access your data on your behalf, the provider service generates a master app token, that is stored by Cockpit and later used to generate short-lived access tokens for the players. This is a security feature which guarantees that if one of the access tokens is compromised in any way, it can’t be exploited after 15 minutes.
This page was last modified on 7 December 2023, at 10:30.