Databricks Community

abhijit007 · Sunday

Hi everyone,

I’ve created an AI/BI Dashboard in Azure Databricks and successfully published it, generated an embed link. My goal is to embed this dashboard inside a Databricks App (Streamlit) using an iframe.

However, when I try to render the dashboard in the app, I’m repeatedly prompted for SSO authentication. Even after completing the SSO login successfully, the dashboard does not load and keeps asking for authentication again in a loop.

For context, I’ve already verified the following:

I’m both Account Admin and Workspace Admin
The domain *.databricksapps.com is explicitly allowed
I have Manage access on both the AI/BI Dashboard and the Databricks App
The app is built using Streamlit

Has anyone encountered a similar issue while embedding AI/BI Dashboards in Databricks Apps? Any guidance on what configuration I might be missing or whether this is a known limitation would be greatly appreciated.

Thanks in advance!

Louis_Frolio · Tuesday

Hmmm, this is new to me. However, I did some poking around in our internal docs and I have come up with a few more suggestions/tips you can chase down. Not sure if it will help but it gives you a little more to work with.

That specific error string is emitted when the embedded AI/BI Dashboard detects that it’s running inside nested iframes rather than a single, top-level iframe.

Why this happens with your hierarchy

Your Databricks App runs on its own databricksapps.com host and is intended to be accessed directly via its URL (for Azure, something like https://-..azure.databricksapps.com). If the app itself is being rendered inside another iframe—such as a preview inside the Workspace UI—then the dashboard iframe ends up nested inside the app iframe. That extra level of nesting is what triggers the error.

Fixes and workarounds

• Open the Databricks App directly in its own top-level browser tab at the databricksapps.com URL, and embed the dashboard once within Streamlit. Avoid viewing the app through Workspace UI preview panes or any wrappers that render it inside an iframe.

• Keep the allow-list and cookie settings you already configured. Basic iframe embedding still relies on third-party cookies, and the host domain must be allow-listed under Workspace Security → External access → Embed dashboards.

• If you want to eliminate browser SSO prompts and reduce sensitivity to embedding context altogether, consider switching to Embedding for external users (app-delegated embedding). In this model, the App authenticates using a Service Principal and injects short-lived tokens into the dashboard, rather than relying on the user’s session inside the iframe.

Example:

import { DatabricksDashboard } from '@databricks/aibi-client'

const dashboard = new DatabricksDashboard({
  instanceUrl: config.workspace_url,
  workspaceId: config.workspace_id,
  dashboardId: config.dashboard_id,
  token: config.embed_token,
  container: containerRef.current,
  getNewToken: async () => {
    const res = await fetch('/api/dashboard/embed-config')
    const data = await res.json()
    return data.embed_token
  }
})

await dashboard.initialize()

Practical debug tip

Open DevTools in the App page, go to Elements, and search for “dashboardsv3”. Confirm that the dashboard iframe’s parent is the page document itself—not another iframe. If you see iframe → iframe → dashboard, that nested context is the root cause.

As a next step, can you try opening the App directly at its databricksapps.com URL in a new tab and see if the error disappears? If it persists, let me know how you’re injecting the iframe in Streamlit (for example, st.markdown versus st.components), and we can zero in on any accidental iframe wrappers.

Regards, Louis.

View solution in original post

Louis_Frolio · Sunday

Greetings @abhijit007 , I did a little resarch and have come up with some hints/guidance to help you:

Hey @abhijit007 — I did a little digging on this and pulled together some concrete guidance that should help you unblock things.

Thanks for sharing the details. What you’re seeing is actually consistent with how basic iframe embedding behaves for Databricks dashboards.

Why the SSO loop happens

When you use the generated iframe embed code, the dashboard is served from your workspace domain (for example, *.databricks.com), while your Databricks App runs on *.databricksapps.com. That cross-site setup relies on the browser accepting third-party cookies for Databricks domains so the login session can persist inside the iframe.

If third-party cookies are blocked, the iframe can’t retain the session, so it keeps re-prompting for SSO and you end up in the loop you’re seeing.

Quick checks to break the loop

First, confirm your workspace Security settings have embedding enabled and that the allowed domains include the exact app host pattern for Azure Apps (for example, *.azure.databricksapps.com). Wildcards are supported, but embedding must be explicitly allowed for the host where the iframe lives.

Second, make sure third-party cookies are enabled for Databricks in your browser (or add site exceptions for your workspace and login domains) and retry the App page. Basic embedding does require third-party cookies to be enabled.

One additional note: if your embedded dashboard includes a Genie space, there were recent rendering issues specific to embedded contexts. Those were addressed via a hotfix, but depending on deployment timing you could still see cases where query results don’t render. That would be a separate (and known) issue.

Recommended approach inside Databricks Apps

If you’re aiming for a seamless experience inside a Databricks App — no per-user login prompts and no dependency on third-party cookies — the recommended path is Embedding for external users (also called app-delegated embedding).

In this model, your app authenticates using a Service Principal and injects short-lived embed tokens for the dashboard. The iframe never does user SSO, which avoids the cookie problem entirely and works cleanly with Apps.

At a high level, the flow looks like this:

Create (or use the automatically managed) Service Principal and grant it the required data permissions for the dashboard via Unity Catalog. Publish the dashboard without embedded credentials so it runs under the SP’s scope when embedded. Keep your allowed domains configured for the App host as before. In the App, request and inject an embed token for the dashboard and refresh it before expiry.

The JS client supports automatic token refresh, and the same pattern can be implemented from Streamlit by serving a small HTML/JS component, for example:

import { DatabricksDashboard } from '@databricks/aibi-client'

// Initialize with automatic token refresh
const dashboard = new DatabricksDashboard({
  instanceUrl: config.workspace_url,
  workspaceId: config.workspace_id,
  dashboardId: config.dashboard_id,
  token: config.embed_token,
  container: containerRef.current,
  getNewToken: async () => {
    const response = await fetch('/api/dashboard/embed-config')
    const data = await response.json()
    return data.embed_token
  }
})

await dashboard.initialize()

When basic embedding is sufficient

If all viewers are internal and already have Databricks accounts, the generated iframe with SSO is still the simplest option — just keep in mind it depends on third-party cookies being enabled in the browser.

If it still fails

At that point, grab a HAR from the page load and a screenshot of the workspace embedding configuration. Those artifacts make it much easier for Support to pinpoint whether the issue is a cookie restriction or a policy block in the flow.

Hope this helps clarify what’s going on and gives you a clear path forward.

Cheers,

Louis

abhijit007 · Monday

Hi @Louis_Frolio ,

Thanks for reply and proposed solution... I have enabled the cookies and added appropriate domain in Workspace security setting.. But now I am getting below error..
"The dashboard must only be embedded in a single iframe. It is currently embedded in more than one iframe."

Is this the limitation of AI/BI Dashboard? Below is the hierarchy of my Databricks Stremlit App.

Databricks Workspace UI ---->Databricks App ---->Streamlit runtime---->AI/BI dashboard iframe

Louis_Frolio · Tuesday