# ThoughtSpot

### Overview

ThoughtSpot is an AI-powered analytics platform enabling users to query data using natural language, with a user-friendly interface for analyzing data from various sources, including data warehouses.

The Veza integration for ThoughtSpot uses an API token to discover authorization metadata for users, groups, and roles within a ThoughtSpot organization, along with their permissions on the platform.

**Requirements**:

* Administrator access to a ThoughtSpot account containing users, groups, and roles.
* ThoughtSpot RBAC is currently in beta and disabled by default. To enable this feature on your cluster, contact ThoughtSpot Support. Note that once you enable RBAC, it cannot be disabled.

### ThoughtSpot Setup Instructions

Log in to ThoughtSpot as an administrator to generate an access token and retrieve your organization ID:

1. **Secret Key**:

   1.1. Go to ThoughtSpot **Develop** > **Customizations** > **Security Settings**. Toggle the **Enable Trusted authentication** option.

   1.2. Copy the generated token. This token will be used later to enable the Veza integration.

   ![Secret Key](/files/W5UHXHWkcl0ybbHoJUps)
2. **Organization Id**:

   2.1. Log in to your ThoughtSpot developer portal as an administrator.

   2.2. Replace `{{OrganizationName}}` in the following URL with your organization name, then open it: `https://{{OrganizationName}}.thoughtspot.cloud/#/develop/api/rest/playgroundV2_0?apiResourceId=http%2Fapi-endpoints%2Fauthentication%2Fget-current-user-info`

   2.3. Click on the **Try It Out** button to run the **Get Current User** operation:

   ![Organization Id](/files/cQs0y0NmIuo8WY9K2H6f)

   2.4. The response will appear to the side. Use the `id` from `current_org` as the Organization Id to configure the Veza integration.

   ![Response](/files/fmdCAJjSuWFQJNT90dvU)

### Veza Setup

1. Log in to Veza as an administrator and open the **Integrations** page.
2. Click **Add Integration** and choose **ThoughtSpot**.
3. Configure the integration using the values retrieved in the previous section:
   * **Organization Name**: Name of the Organization. Same as the hostname in your organization's ThoughtSpot URL (i.e., `https://orgName.thoughtspot.cloud/`).
   * **Organization Id**: The organization ID from step 2.3.
   * **Username**: Your ThoughtSpot admin user name.
   * **Secret Key**: The Trusted authentication token generated in step 1.2.
4. Click **Create Integration** to save your changes.

### Notes and Supported Entities

The integration uses the Open Authorization API custom application template to model identities and role-based access controls in ThoughtSpot.

* **Organization** > Custom Application
* **Users** > Local User
* **Groups** > Local Group
* **Roles** > Local Role
* **Privileges** > Permission

See the following sections for each attribute Veza collects. You can use filters to narrow the scope of access reviews, queries, and graph searches based on any attribute value.

#### User Properties

| Name                  | Description                                                                                                                                                                                   |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| id                    | Unique id of the user.                                                                                                                                                                        |
| name                  | Name of the user.                                                                                                                                                                             |
| display\_name         | Display name of the user.                                                                                                                                                                     |
| email                 | Email of the user.                                                                                                                                                                            |
| visibility            | Visibility of the user. The `SHARABLE` property makes a user visible to other users and groups, who can share objects with the user. `NON_SHARABLE` and `SHARABLE` are the available options. |
| created\_by           | Unique identifier of the author of the user.                                                                                                                                                  |
| can\_change\_password | Defines whether the user can change their password.                                                                                                                                           |
| created\_at           | Creation time of the user in milliseconds.                                                                                                                                                    |
| deleted               | Indicates whether the user is deleted.                                                                                                                                                        |
| account\_type         | Status of the user account. `LOCAL_USER`, `LDAP_USER`, `SAML_USER`, `OIDC_USER`, and `REMOTE_USER` are the available options.                                                                 |
| expiration\_at        | Expiration time of the user in milliseconds.                                                                                                                                                  |
| hidden                | Indicates whether the user is hidden.                                                                                                                                                         |
| updated\_at           | Last modified time of the user in milliseconds.                                                                                                                                               |
| updated\_by           | Unique identifier of the modifier of the user.                                                                                                                                                |
| super\_user           | Indicates whether the user is a super user.                                                                                                                                                   |
| system\_user          | Indicates whether the user is a system user.                                                                                                                                                  |
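
The user attributes above can drive a first-pass access review. The following is an added example, not Veza's query language or code from the Veza or ThoughtSpot projects: it applies a few review rules to constructed user records keyed by the property names in the table. The rules themselves, the sample users, and the reading of `expiration_at` as epoch milliseconds with an empty value meaning "no expiry" are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample records; keys follow the User Properties table above.
SAMPLE_USERS = [
    {"name": "tsadmin", "account_type": "LOCAL_USER", "super_user": True,
     "system_user": True, "deleted": False, "hidden": True, "expiration_at": None},
    {"name": "alice", "account_type": "SAML_USER", "super_user": False,
     "system_user": False, "deleted": False, "hidden": False, "expiration_at": None},
    {"name": "bob", "account_type": "LOCAL_USER", "super_user": True,
     "system_user": False, "deleted": False, "hidden": False, "expiration_at": None},
    {"name": "contractor1", "account_type": "OIDC_USER", "super_user": False,
     "system_user": False, "deleted": False, "hidden": False,
     "expiration_at": 1704067200000},  # 2024-01-01T00:00:00Z, assumed epoch ms
    {"name": "old-svc", "account_type": "LOCAL_USER", "super_user": False,
     "system_user": False, "deleted": True, "hidden": True, "expiration_at": None},
]


def review_findings(user, now_ms):
    """Return the review reasons for one user record (rules are assumptions)."""
    if user["deleted"] or user["system_user"]:
        return []  # out of scope here: deleted or built-in accounts
    reasons = []
    if user["super_user"]:
        reasons.append("super_user")            # highest privilege, review first
    if user["account_type"] == "LOCAL_USER":
        reasons.append("local_credentials")     # password lives outside the IdP
    if user["hidden"]:
        reasons.append("hidden_account")        # not visible in normal listings
    exp = user.get("expiration_at")
    if exp and exp < now_ms:
        reasons.append("expired_not_deleted")   # past expiry but still present
    return reasons


def triage(users, now=None):
    """Map user name -> list of reasons, keeping only users with findings."""
    now = now or datetime.now(timezone.utc)
    now_ms = int(now.timestamp() * 1000)
    flagged = {u["name"]: review_findings(u, now_ms) for u in users}
    return {name: reasons for name, reasons in flagged.items() if reasons}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_USERS).items():
        print(f"{name}: {', '.join(reasons)}")
```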

#### Group Properties

| Name          | Description                                                                                                                                                                                      |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| id            | Unique id of the group.                                                                                                                                                                          |
| name          | Name of the group.                                                                                                                                                                               |
| created\_by   | Unique identifier of the author of the group.                                                                                                                                                    |
| created\_at   | Creation time of the group in milliseconds.                                                                                                                                                      |
| deleted       | Indicates whether the group is deleted.                                                                                                                                                          |
| description   | Description of the group.                                                                                                                                                                        |
| hidden        | Indicates whether the group is hidden.                                                                                                                                                           |
| updated\_at   | Last modified time of the group in milliseconds.                                                                                                                                                 |
| updated\_by   | Unique identifier of the modifier of the group.                                                                                                                                                  |
| display\_name | Display name of the group.                                                                                                                                                                       |
| visibility    | Visibility of the group. The `SHARABLE` property makes a group visible to other users and groups, who can share objects with the group. `NON_SHARABLE` and `SHARABLE` are the available options. |

#### Role Properties

| Name        | Description                                                                                       |
| ----------- | ------------------------------------------------------------------------------------------------- |
| id          | Unique id of the Role.                                                                            |
| name        | Name of the Role.                                                                                 |
| permission  | Permission details of the Role. `READ_ONLY`, `MODIFY`, and `NO_ACCESS` are the available options. |
| created\_by | Unique identifier of the author of the role.                                                      |
| created\_at | Creation time of the role in milliseconds.                                                        |
| deleted     | Indicates whether the role is deleted.                                                            |
| description | Description of the role.                                                                          |
| hidden      | Indicates whether the role is hidden.                                                             |
| updated\_at | Last modified time of the role in milliseconds.                                                   |
| updated\_by | Unique identifier of the modifier of the role.                                                    |

