b0cb26a0-351e-40b4-9e42-00fa2265d50c
Secret key management
secret key overview🔗
The secret_key
allows calling the ThoughtSpot token request REST APIs to generate a token for any user.
Requests with the secret_key
do not require any type of user login or admin permissions and the secret_key
is equivalent to an admin-level login for the token request REST APIs.
The secret_key
must be stored securely and never exposed to end users in the web browser.
Enable Trusted authentication to get a secret key🔗
A new secret key is generated when the ThoughtSpot administrator enables Trusted authentication.
Note
|
Starting from 9.2.0.cl, Org administrators can generate a unique secret key for respective Orgs. To enable this feature on your cluster, contact ThoughtSpot Support. |
To generate a secret key:
-
Log in to the ThoughtSpot.
-
If Orgs are configured on your instance, switch to the Org for which you want to generate a secret key.
If the per-Org secret key feature is not enabled on your instance and if you want to generate a separate secret key for each Org, contact ThoughtSpot Support. ThoughtSpot also allows you to generate a secret key at the primary Org (Org 0) level and use it to obtain an authentication token for a user.
-
Go to Develop > Customizations > Security settings.
-
Click Edit.
-
To enable trusted authentication, turn on the Trusted authentication toggle.
-
To copy the secret key, click Edit again, navigate to Trusted authentication, and then click the copy to clipboard icon.
The following example shows a ThoughtSpot-generated secret key string.
This key is required for making API calls to get a token for ThoughtSpot users.
-
Store the key in a secure location.
-
Click Save Changes.
Request a new secret key🔗
Requesting a new secret_key
simply involves disabling and re-enabling trusted authentication.
Any previous secret_key
will be invalidated as soon as Trusted authentication has been disabled.
Disable Trusted authentication🔗
To disable Trusted authentication, follow these steps:
-
Log in to ThoughtSpot.
-
If the per-Org secret key feature is enabled and Orgs are configured on your instance, switch to the Org for which you want to disable trusted authentication.
-
Go to Develop > Customizations > Security settings.
-
Click Edit and turn off the Trusted authentication toggle.
A pop-up window appears and prompts you to confirm the disable action.
-
Click Disable.
When you disable Trusted authentication, the validity of your existing secret key expires, and your app may become inoperable. To a new secret key and generate authentication tokens, you must enable Trusted authentication.