Version 2021

Configure SameSite Cookies for Library

Starting in MicroStrategy 2021 Update 6, you can manage SameSite cookies for Library in Workstation. See Chrome v80 Cookie Behavior and the Impact on MicroStrategy Deployments for managing SameSite cookies in MicroStrategy 2021 Update 5.2 and older.

SameSite prevents the browser from sending cookies along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. It also provides protection against cross-site request forgery attacks. Possible values are as follows:

  • Lax Provides a reasonable balance between security and usability for websites that want to maintain user’s logged-in session after the user arrives from an external link. The default option for SameSite is Lax, including when no option is selected.

  • Strict Prevents the cookie from being sent by the browser to the target site in all cross-site browsing contexts, even when following a regular link.

  • None Allows cookies in all cross-site browsing contexts.

An HTTPS connection is a prerequisite for the None selection. If the SameSite cookie attribute is set to None, the associated cookie must be marked as Secure.

A SameSite attribute of None is recommended in the following scenarios:

  • There are cross-domain compatibility issues.

  • MicroStrategy Web and MicroStrategy Library are deployed in a domain other than the one displayed in the user's address bar.

  • You are using Security Assertion Markup Language (SAML), OpenID Connect (OIDC,) and third party authentication.

  1. In Workstation, Connect to the Library environment with an admin user.

  2. Right-click the environment and choose Properties.

    Choose Get Info if you are using a Mac.

  3. In the left pane, click Library and scroll down to the Cookies section.

  4. Based on your requirements, select the appropriate SameSite attribute. The SameSite attribute is unselected by default.

  5. Click OK and restart the Library server.

Learn more about the other settings on this dialog in View and Edit Library Administration Settings