How to embed Databricks AI/BI Dashboards in customer-facing applications
Deliver live analytics to external audiences, without adding new licenses or users.
Summary
- Embed Databricks AI/BI Dashboards directly inside customer or partner-facing apps.
- Authenticate viewers through your application using a Service Principal, not individual Databricks accounts.
- Personalize data securely with row-level filtering and audit visibility, with no per-user fees.
Databricks AI/BI Dashboards are often used to power internal analytics: sales reports for go-to-market teams, operational dashboards for supply chain managers, weekly KPIs for leadership reviews. But in many organizations, the most valuable analytics are the ones that need to be shared with customers, suppliers, or partners. These are the insights that shape product value, strengthen relationships, and differentiate your platform.
With Embedding for External Users, you can take a dashboard that already exists in Databricks and place it directly inside a customer or partner-facing application. The experience is fully interactive and live. Users never need a Databricks account. And because Databricks charges based on compute rather than per-user or per-session, you can scale your analytics to thousands of viewers without incurring unpredictable fees.
This guide walks through how external embedding works and how to set it up securely, including authentication, permissions, row-level filtering, and audit visibility.
Understanding Internal vs. External Embedding
There are two ways to embed Databricks AI/BI Dashboards.
If your viewers are internal to your organization and already sign in using your identity provider, you can simply open the dashboard, select Share, choose Embed code, and paste the resulting iframe into a tool such as Confluence or Salesforce. When users open the embedded dashboard, they sign in using their Databricks credentials and Unity Catalog enforces access controls. This is ideal for teams, departments, and business units inside your company. We refer to this as basic dashboard embedding. To learn more, watch this video.
However, this method does not work if your audience is external and does not have Databricks accounts. In that case, you will use Embedding for External Users, which authenticates through a Service Principal rather than individual users. This allows someone outside your identity provider to interact with a dashboard using secure, short-lived, scoped tokens issued by your application.
The result is a seamless embedded experience for external viewers, with the AI/BI Dashboard presented as a natural extension of your application’s interface.
How External Embedding Works
At a high level, your application authenticates with Databricks on behalf of each external viewer. The application requests a scoped token that identifies the viewer and, optionally, includes a filter value to control the data they are allowed to see. Databricks executes the dashboard using the Service Principal’s permissions and returns only the data that is permitted for that viewer. User activity is tracked and auditable.
This structure enables you to offer personalized data experiences in a secure and governed manner, without requiring the provisioning of new human identities.
Step-by-Step Setup
1. Allow-list your host application’s domain
In Databricks, go to Workspace Settings → Security → External Access and add the URL of the application where your dashboard will appear to the list of Approved Domains. For development, you should add https://localhost or consider allowing all domains if using a development workspace.
2. Create and publish your dashboard
Build the AI/BI Dashboard as you normally would. When publishing, choose to publish without embedded credentials. This ensures the dashboard always runs using the Service Principal, which gives you full control over the data it can query.
3. Create a Service Principal for your application
Navigate to Settings → Identity and Access → Service Principals and create a new Service Principal that represents your external application. Generate an OAuth secret and store it securely. This Service Principal is the identity Databricks will use when running dashboard queries.
Grant the Service Principal SELECT+ permissions on any underlying tables or views referenced by the dashboard.
4. Share your dashboard with the Service Principal
Open the dashboard, select Share, and grant the Service Principal Can Run access. The Service Principal can now execute the dashboard in place of a human user.
5. Generate OAuth tokens in your application
At this point, you will need to have your own application to proceed. Feel free to follow along with using our example application here.
Your application will need to generate an OAuth token for each viewer who comes to your dashboard. In our example application, the code looks something like this:
6. Apply row-level security and viewer tracking
To add observability and optionally to personalize data, request a scoped token that includes both a viewer identifier and an optional filter value:
external_viewer_iduniquely identifies each external viewer and automatically surfaces in Databricks audit logs, giving you full visibility into who viewed what.external_value, if specified, can be referenced in your dashboard SQL via the global variable__aibi_external_valueto apply row-level security dynamically. It will only be shown in your query history and in your token.
For example:
This allows your app to display each customer's own data, eliminating the need for duplicated dashboards or datasets. These values are securely signed via OAuth and cannot be changed by users of the application.
7. Render the dashboard in your application
Embed the dashboard securely in your application using the Databricks client:
Your customers and partners can now view live, interactive AI/BI Dashboards with no Databricks login required.
Simple, Scalable Pricing
Databricks does not charge per user or per viewer session. You only pay for the SQL compute that powers the dashboard queries, the same as you would for internal analytics. This makes it well-suited to customer-facing analytics where the number of users may be large or unpredictable.
Get Started
To try embedding AI/BI Dashboards in your own applications, check out our example application here and also refer to the Databricks documentation.
With just a few lines of code, you can extend Databricks-powered insights directly into your products and customer experiences—securely, at scale, and powered by the same unified compute and governance model that runs everything else.
