How to Use Existing Login Credentials to Restrict Access to Decision Trees

Some of our customers have asked for an extra level of security for their trees, so that only people authenticated via a corporate intranet can access them. This article shows how it’s done, for ANY login system on ANY intranet.

Universally restricting access is accomplished by having an internal server access the tree via a server-side include, rather than having the user’s browser load it through code embedded in the page. This means that all accesses of the tree come from a single corporate IP address or range. Zingtree has an IP filtering option for any tree, so it’s easy to restrict access and use whatever authentication processes are already in place on the corporate intranet.

The method described here can work with organizations using SSO (Single Sign On), or any other login system.

Here are the basics:

  1. Restrict access to your tree to just the IP address of your server(s). This is done via Zingtree’s Settings tool.
  2. Create a web page for the tree to display on your internal server. This page will include the necessary JS and CSS files to show the tree. Load your tree using a server-side call, instead of embedding it into an iFrame or linking to a URL hosted at Zingtree.com.

Examples

Here’s PHP source code for a simple server-side include.

See how this page appears.

Technical Details

The example above is written using PHP, but any server-side scripting language can be used.  Our demo is a template around which a URL for a tree can be loaded. This template contains all the CSS and JS files needed to display a functioning Zingtree decision tree.

Zingtree is built on top of Bootstrap 3, so the basic Bootstrap files are loaded. The template also includes a few custom controls.

You can swap out the PHP with Python, Ruby, Perl, or any other scripting language you choose.
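
The two steps above, sketched in Python rather than PHP as an added example (this is not Zingtree's demo code): the page checks the intranet login before making the server-side call, so the tree host is contacted only for authenticated users. Assumptions: the existing login layer sets `REMOTE_USER`, `TREE_URL` is a placeholder for your own tree's URL, and `TEMPLATE` stands in for the real template with its CSS and JS files.

```python
# Added example: WSGI page that serves a tree only to authenticated intranet users.
from urllib.request import urlopen

# Placeholder: put your own tree's URL here. It is fixed on the server and
# never taken from the request, so users cannot point the server elsewhere.
TREE_URL = "https://tree-host.invalid/your-tree-url"

# Minimal stand-in for the page template (the real one also loads the CSS/JS files).
TEMPLATE = '<!doctype html><html><body><div id="tree">{tree}</div></body></html>'


def fetch_tree(url=TREE_URL, timeout=10):
    """Server-side call: the request leaves from the server's IP address,
    which is the only address the tree's IP filter allows."""
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def make_app(fetch=fetch_tree):
    """Build the WSGI app; `fetch` is injectable so the gate can be tested offline."""
    def app(environ, start_response):
        # Assumption: the existing login layer (SSO module, reverse proxy, ...)
        # sets REMOTE_USER only after a successful login.
        user = environ.get("REMOTE_USER", "").strip()
        if not user:
            # Not logged in: refuse before contacting the tree host at all.
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"Login required"]
        try:
            tree_html = fetch()
        except OSError:  # covers URLError and socket timeouts
            start_response("502 Bad Gateway", [("Content-Type", "text/plain")])
            return [b"Tree unavailable"]
        body = TEMPLATE.format(tree=tree_html).encode("utf-8")
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                                  ("Cache-Control", "no-store")])
        return [body]
    return app


application = make_app()
```

Because the IP filter trusts every request coming from the server, this login check is the only thing separating an intranet visitor from the tree, so the page itself must sit behind the same authentication as the rest of the intranet.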

Have any questions or comments about making your trees more secure? Talk to us!