Identity and Access Management V2

Identity and Access Management (IAMv2) is in Beta and off by default in 8.7.0.cl. To enable it, contact ThoughtSpot Support.

Starting in Beta in the 8.7.0.cl release, ThoughtSpot supports a new, industry-standard cloud authentication method through Okta. With this feature, ThoughtSpot powers its internal authentication with Okta, which is the industry-leading authentication platform. The change to Okta is internal and has no impact on customers. After ThoughtSpot enables this feature by default, all user authentication will automatically use the internal Okta service. This feature set involves several external improvements to authentication, including security enhancements.

You can now map certain Identity Provider (IDP) attributes from the ThoughtSpot Admin Console when configuring SAML authentication. These attributes include the username, email, and display name. For more information, see Managing authentication with SAML using IAMv2. After you configure SAML authentication, only Okta interacts with your IDP. Your ThoughtSpot cluster does not directly interact with your IDP.

The users section of the Admin Console now supports account activation monitoring. If a user still needs to activate their account, administrators can see that information in the Users section and re-send their activation email. For more information, see Create, edit, or delete a user using IAMv2.

Local users now create their own password during activation. Administrators do not create the password prior to activation. For more information, see Activate your ThoughtSpot account using IAMv2.

Refer to the following articles for detailed information on new or changed ThoughtSpot functionality with IAMv2:

Refer to the following articles for detailed information on ThoughtSpot functionality if you do NOT have IAMv2 enabled. Note that there is no account activation required for local users on clusters that do not have IAMv2 enabled.