If your ThoughtSpot system is configured for Security Assertion Markup Language (SAML) you can enable Single Sign On (SSO) for your embed application.
Place the JS API library in the <head>
section of the HTML on your Web page.
Ensure that the JS API script tag is the first script loaded in the page. You can see examples of this
Authenticate when the window is initialized
Your web page needs to authenticate by calling window.thoughtspot.initialize
and waiting for the onInitializationCallback
to be called before embedding any
ThoughtSpot visualizations or making any ThoughtSpot REST API calls.
The JS API call window.thoughtspot.initialize
can cause the entire Web page to
be re-directed to your Identity Provider (IDP). This order implies that you may not
execute any of your application logic before window.thoughtspot.initialize
has
called your callback.
Any redirection could interfere with your application logic. So, don’t embed any
static ThoughtSpot visualizations in your HTML. In other words, you should
generate the ThoughtSpot visualizations dynamically after
window.thoughtspot.initialize
has called your callback.
The onAuthExpiration
is only available if you have at least one ThoughtSpot
visualization iframe in your web page.
Example of code flow
To authenticate with SSO:
- Download the ThoughtSpot JavaScript library.
-
Include the library file into your web page’s
<head>
section:<head> <script type=”text/javascript” src=”<protocol><your.thoughtspot.domain>/js/api/api.min.js”> ... </head>
-
From your application code, authenticate to ThoughtSpot by calling to the
window.thoughtspot.initialize
method.For example:
<script type=”text/javascript”> thoughtspotHost = <hostname_or_ip_w/o_http> function setUpThoughtSpotAPI() { window.thoughtspot.initialize( function(isUserAuthenticatedToThoughtSpot) { if (isUserAuthenticatedToThoughtSpot) { // load an embedded ThoughtSpot visualization or // make a ThoughtSpot data API call } else { // the current user into your system is not authenticated // into your ThoughtSpot instance, case in any other way suitable // to your application logic. Do NOT call setUpThoughtSpotAPI again // here as that could create an infinite cycle. } }, function() { // the user got logged out from ThoughtSpot, possibly because // their session with ThoughtSpot expired, you can call setUpThoughtSpotAPI() // again to re-authenticate the user or handle this case in any other way // suitable to your application logic. }, thoughtspotHost ); } </script>
-
Work with ThoughtSpot support to enable CORS between your client application domain and the ThoughtSpot domain.
When this value is changed, the
nginx
service is restarted automatically to reflect the change.
Now, you’re ready to either embed a visualization or use the REST API to get data from ThoughtSpot and display it within your Web page or application.