ThoughtSpot

Configuring the Veza integration for ThoughtSpot

Last updated 8 months ago

Was this helpful?

ThoughtSpot

Configuring the Veza integration for ThoughtSpot

Overview

ThoughtSpot is an AI-powered analytics platform enabling users to query data using natural language, with a user-friendly interface for analyzing data from various sources, including data warehouses.

The Veza integration for ThoughtSpot uses an API token to discover authorization metadata for users, groups, and roles within a ThoughtSpot organization, along with their permissions on the platform.

Requirements:

Administrator access to a ThoughtSpot account containing users, groups, and roles.
ThoughtSpot RBAC is currently in beta and disabled by default. To enable this feature on your cluster, contact ThoughtSpot Support. Note that once you enable RBAC, it cannot be disabled.

ThoughtSpot Setup Instructions

Secret Key:
1.1. Go to ThoughtSpot Develop > Customizations > Security Settings. Toggle the Enable Trusted authentication option.
1.2. Copy the generated token. This token will be used later to enable the Veza integration.
Organization Id:
2.1. Login to your ThoughtSpot developer portal as an administrator.
2.2. Update the URL below to include your organization name and open https://{{OrganizationName}}.thoughtspot.cloud/#/develop/api/rest/playgroundV2_0?apiResourceId=http%2Fapi-endpoints%2Fauthentication%2Fget-current-user-info
2.3. Click on the Try It Out button to run the Get Current User operation:
2.4. The response will appear to the side. Use the id from current_org as the Organization Id to configure the Veza integration.

Veza Setup

Log in to Veza as an administrator and open the Integrations page.
Click Add Integration and choose ThoughtSpot.
Configure the integration using the values retrieved in the previous section:
- Organization Name: Name of the Organization. Same as the hostname in your organization's ThoughtSpot URL (i.e., https://orgName.thoughtspot.cloud/).
- Organization Id: The organization ID from step 2.3.
- Username: Your ThoughtSpot admin user name.
- Secret Key: The trusted Authentication token generated in step 1.2.
Click Create Integration to save your changes.

Notes and Supported Entities

The integration uses the Open Authorization API custom application template to model identities and role-based access controls in ThoughtSpot.

Organization > Custom Application
Users > Local User
Groups > Local Group
Roles > Local Role
Privileges > Permission

See the following sections for each attribute Veza collects. You can use filters to narrow the scope of access reviews, queries, and graph searches based on any attribute value.

User Properties

Name

Description

Unique id of the user.

name

Name of the user.

display_name

Display name of the user.

Email of the user.

visibility

Visibility of the user. The SHARABLE property makes a user visible to other users and groups, who can share objects with the user. NON_SHARABLE and SHARABLE are the available options.

created_by

Unique identifier of the author of the user.

can_change_password

Defines whether the user can change their password.

created_at

Creation time of the user in milliseconds.

deleted

Indicates whether the user is deleted.

account_type

Status of the user account. LOCAL_USER, LDAP_USER, SAML_USER, OIDC_USER, and REMOTE_USER are the available options.

expiration_at

Expiration time of the user in milliseconds.

hidden

Indicates whether the user is hidden.

updated_at

Last modified time of the user in milliseconds.

updated_by

Unique identifier of the modifier of the user.

super_user

Indicates whether the user is a super user.

system_user

Indicates whether the user is a system user.

Group Properties

Name

Description

Unique id of the group.

name

Name of the group.

created_by

Unique identifier of the author of the group.

created_at

Creation time of the group in milliseconds.

deleted

Indicates whether the group is deleted.

description

Description of the group.

hidden

Indicates whether the group is hidden.

updated_at

Last modified time of the group in milliseconds.

updated_by

Unique identifier of the modifier of the group.

display_name

Display name of the group.

visibility

Visibility of the group. The SHARABLE property makes a group visible to other users and groups, who can share objects with the group. NON_SHARABLE and SHARABLE are the available options.

Role Properties

Name

Description

Unique id of the Role.

name

Name of the Role.

permission

Permission details of the Role. READ_ONLY, MODIFY, and NO_ACCESS are the available options.

created_by

Unique identifier of the author of the role.

created_at

Creation time of the role in milliseconds.

deleted

Indicates whether the role is deleted.

description

Description of the role.

hidden

Indicates whether the role is hidden.

updated_at

Last modified time of the role in milliseconds.

updated_by

Unique identifier of the modifier of the role.

PreviousTerraform NextTrello

Last updated 8 months ago

Was this helpful?

Overview

ThoughtSpot is an AI-powered analytics platform enabling users to query data using natural language, with a user-friendly interface for analyzing data from various sources, including data warehouses.

The Veza integration for ThoughtSpot uses an API token to discover authorization metadata for users, groups, and roles within a ThoughtSpot organization, along with their permissions on the platform.

Requirements:

Administrator access to a ThoughtSpot account containing users, groups, and roles.
ThoughtSpot RBAC is currently in beta and disabled by default. To enable this feature on your cluster, contact ThoughtSpot Support. Note that once you enable RBAC, it cannot be disabled.

ThoughtSpot Setup Instructions

Secret Key:
1.1. Go to ThoughtSpot Develop > Customizations > Security Settings. Toggle the Enable Trusted authentication option.
1.2. Copy the generated token. This token will be used later to enable the Veza integration.
Organization Id:
2.1. Login to your ThoughtSpot developer portal as an administrator.
2.2. Update the URL below to include your organization name and open https://{{OrganizationName}}.thoughtspot.cloud/#/develop/api/rest/playgroundV2_0?apiResourceId=http%2Fapi-endpoints%2Fauthentication%2Fget-current-user-info
2.3. Click on the Try It Out button to run the Get Current User operation:
2.4. The response will appear to the side. Use the id from current_org as the Organization Id to configure the Veza integration.

Veza Setup

Log in to Veza as an administrator and open the Integrations page.
Click Add Integration and choose ThoughtSpot.
Configure the integration using the values retrieved in the previous section:
- Organization Name: Name of the Organization. Same as the hostname in your organization's ThoughtSpot URL (i.e., https://orgName.thoughtspot.cloud/).
- Organization Id: The organization ID from step 2.3.
- Username: Your ThoughtSpot admin user name.
- Secret Key: The trusted Authentication token generated in step 1.2.
Click Create Integration to save your changes.

Notes and Supported Entities

The integration uses the Open Authorization API custom application template to model identities and role-based access controls in ThoughtSpot.

Organization > Custom Application
Users > Local User
Groups > Local Group
Roles > Local Role
Privileges > Permission

See the following sections for each attribute Veza collects. You can use filters to narrow the scope of access reviews, queries, and graph searches based on any attribute value.

User Properties

Name

Description

Unique id of the user.

name

Name of the user.

display_name

Display name of the user.

Email of the user.

visibility

Visibility of the user. The SHARABLE property makes a user visible to other users and groups, who can share objects with the user. NON_SHARABLE and SHARABLE are the available options.

created_by

Unique identifier of the author of the user.

can_change_password

Defines whether the user can change their password.

created_at

Creation time of the user in milliseconds.

deleted

Indicates whether the user is deleted.

account_type

Status of the user account. LOCAL_USER, LDAP_USER, SAML_USER, OIDC_USER, and REMOTE_USER are the available options.

expiration_at

Expiration time of the user in milliseconds.

hidden

Indicates whether the user is hidden.

updated_at

Last modified time of the user in milliseconds.

updated_by

Unique identifier of the modifier of the user.

super_user

Indicates whether the user is a super user.

system_user

Indicates whether the user is a system user.

Group Properties

Name

Description

Unique id of the group.

name

Name of the group.

created_by

Unique identifier of the author of the group.

created_at

Creation time of the group in milliseconds.

deleted

Indicates whether the group is deleted.

description

Description of the group.

hidden

Indicates whether the group is hidden.

updated_at

Last modified time of the group in milliseconds.

updated_by

Unique identifier of the modifier of the group.

display_name

Display name of the group.

visibility

Visibility of the group. The SHARABLE property makes a group visible to other users and groups, who can share objects with the group. NON_SHARABLE and SHARABLE are the available options.

Role Properties

Name

Description

Unique id of the Role.

name

Name of the Role.

permission

Permission details of the Role. READ_ONLY, MODIFY, and NO_ACCESS are the available options.

created_by

Unique identifier of the author of the role.

created_at

Creation time of the role in milliseconds.

deleted

Indicates whether the role is deleted.

description

Description of the role.

hidden

Indicates whether the role is hidden.

updated_at

Last modified time of the role in milliseconds.

updated_by

Unique identifier of the modifier of the role.