ThoughtSpot
Configuring the Veza integration for ThoughtSpot
Overview
ThoughtSpot is an AI-powered analytics platform enabling users to query data using natural language, with a user-friendly interface for analyzing data from various sources, including data warehouses.
The Veza integration for ThoughtSpot uses an API token to discover authorization metadata for users, groups, and roles within a ThoughtSpot organization, along with their permissions on the platform.
Requirements:
Administrator access to a ThoughtSpot account containing users, groups, and roles.
ThoughtSpot RBAC is currently in beta and disabled by default. To enable this feature on your cluster, contact ThoughtSpot Support. Note that once you enable RBAC, it cannot be disabled.
ThoughtSpot Setup Instructions
Log in to ThoughtSpot as an administrator to generate an access token and retrieve your organization ID:
1. Secret Key:
1.1. Go to ThoughtSpot Develop > Customizations > Security Settings. Toggle the Enable Trusted authentication option.
1.2. Copy the generated token. This token will be used later to enable the Veza integration.
2. Organization Id:
2.1. Log in to your ThoughtSpot developer portal as an administrator.
2.2. Update the URL below to include your organization name and open it:
https://{{OrganizationName}}.thoughtspot.cloud/#/develop/api/rest/playgroundV2_0?apiResourceId=http%2Fapi-endpoints%2Fauthentication%2Fget-current-user-info
2.3. Click the Try It Out button to run the Get Current User operation.
2.4. The response will appear to the side. Use the `id` from `current_org` as the Organization Id to configure the Veza integration.
Veza Setup
Log in to Veza as an administrator and open the Integrations page.
Click Add Integration and choose ThoughtSpot.
Configure the integration using the values retrieved in the previous section:
Organization Name: Name of the Organization. Same as the hostname in your organization's ThoughtSpot URL (i.e., https://orgName.thoughtspot.cloud/).
Organization Id: The organization ID from step 2.3.
Username: Your ThoughtSpot admin user name.
Secret Key: The trusted Authentication token generated in step 1.2.
Click Create Integration to save your changes.
Notes and Supported Entities
The integration uses the Open Authorization API custom application template to model identities and role-based access controls in ThoughtSpot.
Organization > Custom Application
Users > Local User
Groups > Local Group
Roles > Local Role
Privileges > Permission
See the following sections for each attribute Veza collects. You can use filters to narrow the scope of access reviews, queries, and graph searches based on any attribute value.
User Properties
Name | Description |
---|---|
id | Unique id of the user. |
name | Name of the user. |
display_name | Display name of the user. |
Email of the user. | |
visibility | Visibility of the user. The |
created_by | Unique identifier of the author of the user. |
can_change_password | Defines whether the user can change their password. |
created_at | Creation time of the user in milliseconds. |
deleted | Indicates whether the user is deleted. |
account_type | Status of the user account. |
expiration_at | Expiration time of the user in milliseconds. |
hidden | Indicates whether the user is hidden. |
updated_at | Last modified time of the user in milliseconds. |
updated_by | Unique identifier of the modifier of the user. |
super_user | Indicates whether the user is a super user. |
system_user | Indicates whether the user is a system user. |
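As an added example (not Veza's or ThoughtSpot's own code), the Python sketch below applies access-review filters to user records shaped like the User Properties table above. The records are constructed, and the value types (booleans, epoch milliseconds, 0 meaning no expiry) and the function name `review_findings` are assumptions made for this example.

```python
from datetime import datetime, timezone

# Constructed sample records, not real data. Keys follow the User Properties
# table; value types (bool, epoch milliseconds, 0 = no expiry) are assumed.
SAMPLE_USERS = [
    {"id": "u-001", "name": "alice", "super_user": True, "system_user": False,
     "deleted": False, "hidden": False, "expiration_at": 0},
    {"id": "u-002", "name": "bob", "super_user": False, "system_user": False,
     "deleted": False, "hidden": False, "expiration_at": 1_600_000_000_000},
    {"id": "u-003", "name": "svc", "super_user": True, "system_user": True,
     "deleted": False, "hidden": True, "expiration_at": 0},
    {"id": "u-004", "name": "carol", "super_user": True, "system_user": False,
     "deleted": True, "hidden": False, "expiration_at": 0},
    {"id": "u-005", "name": "dave", "super_user": False, "system_user": False,
     "deleted": False, "hidden": True, "expiration_at": 1_800_000_000_000},
]


def ms_to_date(ms):
    """Convert an epoch-millisecond attribute to a UTC date string."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d")


def review_findings(users, now_ms):
    """Return {user id: [reasons]} for accounts a reviewer should examine."""
    findings = {}
    for user in users:
        if user.get("deleted"):
            continue  # deleted accounts are out of scope for certification
        reasons = []
        expires = user.get("expiration_at") or 0
        if expires and expires <= now_ms:
            reasons.append(f"expired {ms_to_date(expires)}, not deleted")
        # System accounts are expected to be privileged or hidden; flag
        # these properties only on non-system accounts.
        if not user.get("system_user"):
            if user.get("super_user"):
                reasons.append("super user on a non-system account")
            if user.get("hidden"):
                reasons.append("hidden non-system account")
        if reasons:
            findings[user["id"]] = reasons
    return findings


if __name__ == "__main__":
    for uid, why in review_findings(SAMPLE_USERS, 1_700_000_000_000).items():
        print(uid, "; ".join(why))
```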
Group Properties
Name | Description |
---|---|
id | Unique id of the group. |
name | Name of the group. |
created_by | Unique identifier of the author of the group. |
created_at | Creation time of the group in milliseconds. |
deleted | Indicates whether the group is deleted. |
description | Description of the group. |
hidden | Indicates whether the group is hidden. |
updated_at | Last modified time of the group in milliseconds. |
updated_by | Unique identifier of the modifier of the group. |
display_name | Display name of the group. |
visibility | Visibility of the group. The |
Role Properties
Name | Description |
---|---|
id | Unique id of the Role. |
name | Name of the Role. |
permission | Permission details of the Role. |
created_by | Unique identifier of the author of the role. |
created_at | Creation time of the role in milliseconds. |
deleted | Indicates whether the role is deleted. |
description | Description of the role. |
hidden | Indicates whether the role is hidden. |
updated_at | Last modified time of the role in milliseconds. |
updated_by | Unique identifier of the modifier of the role. |