> ## Documentation Index
> Fetch the complete documentation index at: https://support.configview.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Looker setup

## Part 1: Looker Data Ingestion

Set up a Looker API key so ConfigView can pull your Looker configuration into the dashboard — identity, access controls, content permissions, database connections, scheduled deliveries, alerts, and SSO settings.

***

### Step 1: Create an API Key

1. In Looker, click your avatar in the top-right and go to **Admin.**
2. Under **Users**, click **Users.**
3. Find the user you want the key to belong to (a dedicated service-account user is recommended) and click **Edit.**
4. Scroll to **API Keys** and click **Edit Keys.**
5. Click **New API Key.**
6. Document the **Client ID** and **Client Secret** — the secret is only shown once.

> **Note:** The user that owns the API key must have the **Admin** role. ConfigView reads admin-only endpoints — all users' scheduled plans and alerts, database connections, content metadata access, and LDAP/SAML/OIDC/password configuration — so a non-Admin key will fail health checks on most scripts. A dedicated service-account user with the Admin role is strongly recommended over a personal account.

***

### Step 2: Add the Credentials to ConfigView

1. Go to your ConfigView dashboard: `https://{companyname}.configview.com/admin/secret/`
2. Click **Add Secret**
3. Create the following secrets:
   * `LOOKER_CLIENT_ID`: The Client ID from Step 1
   * `LOOKER_CLIENT_SECRET`: The Client Secret from Step 1
   * `LOOKER_BASE_URL`: Your Looker subdomain (the part before `.cloud.looker.com` in your Looker URL)
4. Click **Save**

***

### Step 3: Enable the Looker App in ConfigView

1. Go to: `https://{companyname}.configview.com/admin/cron/`
2. You should see **Looker** in the list of available apps
3. Select the scripts you want to run.
4. Click **Save**

***

### Step 4: Verify

1. Go to: `https://{companyname}.configview.com/admin/status/`
2. Run the **Looker** health check.
3. All checks should pass.

If a check fails, verify that your secrets are saved correctly and the API key user has the required role.

***

### What ConfigView ingests from Looker

Once the scripts run, the following data domains are captured. All tables include a `run_at` column for historical tracking, so you can see how your Looker configuration changes over time.

**Identity & access**

* Users, groups, and user attributes (`looker_users`, `looker_groups`, `looker_attributes`, `looker_user_attributes`)
* Roles, permission sets, model sets (`looker_roles`, `looker_permission_sets`, `looker_model_sets`)
* Role / group memberships (`looker_role_users`, `looker_role_groups`, `looker_group_users`, `looker_group_groups`)

**Content & data sources**

* Folders and content metadata (`looker_folders`, `looker_content_metadata`)
* Content metadata access — who can see what folders/dashboards/looks (`looker_content_metadata_access`)
* Database connections (`looker_connections`)

**Activity & automation**

* Scheduled plans / report deliveries across all users (`looker_scheduled_plans`)
* Alerts across all owners (`looker_alerts`)

**Authentication configuration**

* LDAP, SAML, OIDC, and password policy settings (`looker_ldap_config`, `looker_saml_config`, `looker_oidc_config`, `looker_password_config`)

### Permissions required (Looker side)

The Admin role grants everything ConfigView needs. For reference, the underlying Looker permissions used are: `see_users`, `manage_models`, `see_schedules`, `see_alerts`, `see_lookml`, `see_logs`, `manage_homepage` and the various `see_*_config` permissions. None of these are scope-style OAuth grants — they're standard Looker role permissions assigned via the Admin panel.
