If your ThoughtSpot system is configured for Security Assertion Markup Language (SAML) you can enable Single Sign On (SSO) for your embed application.
Place the JS API library in the
<head> section of the HTML on your Web page.
Ensure that the JS API script tag is the first script loaded in the page. You can see examples of this
Authenticate when the window is initialized
Your web page needs to authenticate by calling
and waiting for the
onInitializationCallback to be called before embedding any
ThoughtSpot visualizations or making any ThoughtSpot REST API calls.
The JS API call
window.thoughtspot.initialize can cause the entire Web page to
be re-directed to your Identity Provider (IDP). This order implies that you may not
execute any of your application logic before
called your callback.
Any redirection could interfere with your application logic. So, don’t embed any
static ThoughtSpot visualizations in your HTML. In other words, you should
generate the ThoughtSpot visualizations dynamically after
window.thoughtspot.initialize has called your callback.
onAuthExpiration is only available if you have at least one ThoughtSpot
visualization iframe in your web page.
Example of code flow
To authenticate with SSO:
Include the library file into your web page’s
From your application code, authenticate to ThoughtSpot by calling to the
Work with ThoughtSpot support to enable CORS between your client application domain and the ThoughtSpot domain.
When this value is changed, the
nginxservice is restarted automatically to reflect the change.