Embedding TrendMiner Dashboards in SharePoint Online

1. Overview
 

To embed a TrendMiner dashboard into SharePoint Online using an iframe, two systems must allow the embed:

1. TrendMiner – via Content Security Policy (CSP) frame-ancestors settings

2. SharePoint Online – via HTML Field Security (allowed iframe domains)

Both sides must be correctly configured for the embed to work.
 

2. Prerequisites

• A working TrendMiner environment (e.g. https://demo.trendminer.cloud)

• Access to TrendMiner ConfigHub (TrendMiner admin)

• SharePoint Site Collection Administrator rights
   

3. Step 1 – Allow SharePoint in TrendMiner (CSP / ConfigHub)

TrendMiner uses CSP headers (specifically frame-ancestors) to control which domains are allowed to embed its pages.

1. In TrendMiner, go to ConfigHub → URL Embedding.

2. Add the domain(s) that will host the SharePoint page, for example:

   • https://contoso.sharepoint.com

3. Use only base domains, without paths or wildcards in the path.

Valid examples

• https://example.com

• https://example.com/

• https://*.example.com (matches any subdomain, but not example.com itself)

Invalid examples

• https://example.com/*

• https://example.com/site/*

If you need both example.com and app.example.com, list them separately.

Limitations & notes

• Max 5 domains can be configured

• Only HTTPS URLs are accepted

• Changes can take a few minutes to become effective
   

4. Step 2 – Allow TrendMiner in SharePoint (HTML Field Security)

SharePoint restricts iframe usage via HTML Field Security.

1. In SharePoint, click the gear icon → Site information → View all site settings.

2. Under Site Collection Administration, select HTML Field Security.

3. Choose: “Allow contributors to insert iframes only from the following domains”.

4. Add your TrendMiner domain, e.g.:

   • https://demo.trendminer.cloud

5. Click Add, then OK.

Security options in HTML Field Security

• Don’t allow iframes from external domains

  • Blocks all external embeds

• Allow from specific domains only (recommended)

  • Allowlist approach – add only trusted domains

• Allow from any domain

  • Least secure, not recommended for production

Microsoft reference:
Allow or restrict the ability to embed content on SharePoint pages - Microsoft Support
 

5. Common Errors & Fixes

Error 1: CSP frame-ancestors violation (browser console)
Example:
Framing "https://demo.trendminer.cloud/" violates the following Content Security Policy directive: "frame-ancestors 'self' https://example.com"

• Cause: Embedding domain not correctly added in TrendMiner’s CSP allowlist, or URL format invalid.

• Fix: In ConfigHub → URL Embedding, add the SharePoint domain as a base URL (e.g. https://contoso.sharepoint.com) without path wildcards.

Error 2: “Embedding content from this website isn’t allowed” (SharePoint)

• Cause: TrendMiner domain not allowed in SharePoint HTML Field Security.

• Fix: A Site Collection Administrator must add the TrendMiner domain (e.g. https://demo.trendminer.cloud) to the allowed iframe domains.
   

6. Quick Checklist

TrendMiner side

• [ ] SharePoint domain added in ConfigHub → URL Embedding

• [ ] URL format is base domain only (no /*, no path wildcards)

• [ ] Enough time has passed for CSP changes to propagate

SharePoint side

• [ ] HTML Field Security allows iframes from specific domains

• [ ] TrendMiner domain added to the allowed domains list

• [ ] Page tested in View mode (not only in Edit mode)

Question: What TrendMiner information is valuable for you to show on a Sharepoint dashboard?