Explains what the feature is or what its benefits are to the user or customer.
ThoughtSpot can use Security Assertion Markup Language (SAML) to authenticate users. You can set up SAML through the shell on ThoughtSpot using a tscli based configurator.
- IP of the server where your ThoughtSpot instance is running.
- Port of the server where your ThoughtSpot instance is running.
- Protocol, or the authentication mechanism for ThoughtSpot.
- Unique service name that is used as the unique key by IDP to identify the
It should be in the following format: urn:thoughtspot:callosum:saml
- Allowed skew time, which is the time after authentication response is rejected and sent back from the IDP. It is usually set to 86400.
- The absolute path to the idp-meta.xml file. This is needed so that the configuration persists over upgrades.
- This configurator also checks with the user if internal authentication needs to be set or not. This internal authentication mechanism is used to authenticate tsadmin, so set it to true if you do not know what it does.
- Log in to the Linux shell using SSH.
Execute the command to launch the interactive SAML configuration:
tscli saml configure
- Complete the configurator prompts with the information you gathered above.
- When the configuration is complete, open a Web browser and go to the ThoughtSpot login page. It should now show the Single Sign On option.