To allow your application users to access the embedded ThoughtSpot content, make sure you configure security settings for Cross-Origin Resource Sharing (CORS) and Content Security Policy (CSP).
To authenticate and authorize embed users, you must also configure an authentication method in ThoughtSpot.
User authentication
-
Developer access
To enable access to the Developer Portal, you must create a user group with the Developer privilege and assign developer users to this group. Users with Developer privilege can access the Develop tab in the ThoughtSpot UI. For more information, see Developer access. -
SAML SSO authentication
If you plan to use an external directory service for authenticating your application users, you need to enable SAML authentication on ThoughtSpot and add SAML redirect domains to the allowed list. -
Trusted authentication
If you plan to use a token-based authentication service to authenticate user sessions, enable trusted authentication for ThoughtSpot.
Application security and browser support
-
Security settings
To allow your application users to access the embedded content from web browsers, you must set your application as a trusted host by adding your application domain and the URL endpoints to the CORS and CSP allowed list. -
Custom domain configuration
To host your ThoughtSpot instance on a custom domain or to use a custom domain name in system-generated emails, contact ThoughtSpot Support. For more information, see Custom domain configuration.
Access control and data security
To control user access to ThoughtSpot application workflows and data, you can use ThoughtSpot features such as group privileges, object sharing, Row-level security (RLS), Column-level security (CLS), and disabling or hiding menu actions with Visual Embed SDK.
For more information, see Access control and data security.