Internal Dashboard
Last updated March 22, 2024
Setting up URL
To configure the internal dashboard, set the URL to the URL of an individual customer in your internal tool (e.g. https://www.myapp.com/admin/user?user_id={user_id}/).
You can use variables in the URL by wrapping them in curly brackets (e.g., {variable}). You can use the following variables in your URL:
- user_id
- user_email
- user_name
- agent_email
Security Settings
In order for your internal dashboard to be visible within Atlas, the page needs to allow embedding. To check for this, ensure that the HTTP response from your server:
- doesn't have an X-Frame-Options header
- has the Content-Security-Policy header with the frame-ancestors atlas.so value
- (if you are using cookie-based authentication) has the authentication cookie set as SameSite=None
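The three checks above can be run against the headers of a captured response. The following is an added example, not Atlas's own code: it assumes the auth cookie is named session (a constructed name), matches atlas.so only as an exact host with an optional scheme, and reports a quoted host such as 'atlas.so' because CSP host sources are written without quotes. It also reports a SameSite=None cookie without Secure, since browsers reject that combination.

```python
EMBEDDER = "atlas.so"  # embedding host named on this page

def frame_ancestors(csp):
    """Return the frame-ancestors source list of one policy, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest if p)}
    return first.split("=", 1)[0], attrs

def audit(headers, auth_cookie):
    """headers: (name, value) pairs of one response. Returns the problems found."""
    problems = []
    get = lambda n: [v for k, v in headers if k.lower() == n]
    if get("x-frame-options"):
        problems.append("X-Frame-Options is set")
    lists = [s for s in map(frame_ancestors, get("content-security-policy")) if s is not None]
    if not lists:
        problems.append("no frame-ancestors directive")
    for sources in lists:  # with several policies, each one must allow the embedder
        if f"'{EMBEDDER}'" in sources:
            problems.append("host is quoted in frame-ancestors")
        elif not any(s.lower().split("://")[-1] == EMBEDDER for s in sources):
            problems.append("frame-ancestors does not list " + EMBEDDER)
    for name, attrs in map(cookie_attrs, get("set-cookie")):
        if name != auth_cookie:
            continue  # only the authentication cookie needs SameSite=None
        if attrs.get("samesite", "").lower() != "none":
            problems.append("auth cookie lacks SameSite=None")
        elif "secure" not in attrs:
            problems.append("SameSite=None cookie lacks Secure")
    return problems

# Constructed sample responses (not captured from a real server).
BROKEN = [("X-Frame-Options", "SAMEORIGIN"),
          ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'atlas.so';"),
          ("Set-Cookie", "session=abc123; Path=/; HttpOnly; SameSite=Lax")]
FIXED = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self' atlas.so;"),
         ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=None")]

if __name__ == "__main__":
    for label, resp in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit(resp, "session") or "ok")
```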
Setting up Content-Security-Policy
If this is not set correctly, you’ll see an error that looks like:
🛑 Refused to frame 'https://app.yourcompany.com/' because an
ancestor violates the following Content Security Policy
directive: "frame-ancestors 'self'".
You can set the Content-Security-Policy header via your application server. Here are some examples for some of the most common servers:
Apache Content-Security-Policy Header
Add the following to your httpd.conf in your VirtualHost or in an .htaccess file:
# Host sources are written without quotes; only keywords such as 'self' are quoted.
Header set Content-Security-Policy "frame-ancestors atlas.so;"
Nginx Content-Security-Policy Header
In your server {} block add:
# Host sources are written without quotes; only keywords such as 'self' are quoted.
add_header Content-Security-Policy "frame-ancestors atlas.so;";
You can also append always to the end to ensure that nginx sends the header regardless of response code.
IIS Content-Security-Policy Header
You can use the HTTP Response Headers GUI in IIS Manager or add the following to your web.config:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Host sources are written without quotes; only keywords such as 'self' are quoted. -->
      <add name="Content-Security-Policy" value="frame-ancestors atlas.so;" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
Tips
- If you already have a Content-Security-Policy header, you can extend it by adding the value after a semicolon (;).
- If your Content-Security-Policy header already uses a frame-ancestors value, you can safely extend it by adding only the atlas.so domain.
Setting up SameSite=None in the Cookie
If you are using cookie-based authentication, then you will have to set the samesite attribute of the auth cookie to None so the cookie is accessible in the Atlas UI.
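from flask import Flask, make_response

app = Flask(__name__)

@app.route('/')
def hello_world():
    resp = make_response('Hello, World!')
    # Pass the string 'None': Python's None leaves the SameSite attribute off entirely.
    # Browsers only accept SameSite=None on cookies that are also marked Secure.
    resp.set_cookie('same-site-cookie', 'foo', samesite='None', secure=True)
    return resp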