Configure CA SiteMinder

CA SiteMinder can be used as an Identity Provider for single sign on to ThoughtSpot.

Before configuring CA SiteMinder, you must configure SAML in ThoughtSpot. Use this procedure to set up CA SiteMinder for use with ThoughtSpot:

  1. Configure the Local Identity Provider Entity as follows:

    Entity Location

    Local
    Entity Type

    SAML2 IDP
    Entity ID

    Any (Relevant ID)
    Entity Name

    Any (Relevant name)
    Description

    Any (Relevant description)
    Base URL

    https://<FWS_FQDN>, using fully qualified domain name serving SiteMinder services
    Signing Private Key Alias

    Select the correct private key alias or import one if not done already
    Signed Authentication Requests Required

    No
    Supported NameID format

    Optional

  2. Create the Remote SP Entity, either through a metadata import or manually. To configure the Remote SP entity manually, select Create Entity. Create ThoughtSpot as a Remote Entity with following details:

    Entity Location

    Remote
    New Entity Type

    SAML2 SP
    Entity ID

    Your cluster
    Entity Name

    Any (relevant name)
    Description

    Any (relevant description)
    Assertion Consumer Service URL

    (Relevant URL)
    Verification Certificate Alias

    Select the correct certificate to verify the signature in incoming requests
    Supported NameID Format

    Optional

  3. Proceed to configure the Federation Partnership between CA SiteMinder (the IDP) and ThoughtSpot (the Remote SP) in CA SiteMinder. Sign in to CA SiteMinder.

  4. Navigate to Federation > Partnership Federation > Create Partnership (SAML 2 IDP > SP).

  5. Select Configure Partnership and fill in the following values:

    Add Partnership Name

    Any (relevant name)
    Description

    Any (relevant description)
    Local IDP ID

    Select Local IDP ID
    Remote SP ID

    Select Remote SP ID
    Base URL

    Will be pre-populated
    Skew Time

    Any per environment requirement
    User Directories and Search Order

    Select required Directories in required search order

  6. Select Configure Assertion and fill in the following values:

    Name ID Format

    Optional
    Name ID Type

    User Attribute
    Value

    The name of the user attribute, containing the email address or user identifier, such as 'mail'.

  7. Select Configure SSO and SLO and fill in the following values:

    Add Authentication URL

    This should be the URL that is protected by SiteMinder
    SSO Binding

    Select SSO Binding supported by the SP, typically the HTTP-Post
    Audience

    (Relevant audience)
    Transaction Allowed

    Optional
    Assertion Consumer Service URL

    Populated using the information from the SP entity

  8. Continue to Partnership Activation, and select Activate.

Was this page helpful?
×