Multifactor authentication for customers using local authentication

ThoughtSpot now supports multifactor authentication (MFA) for customers using local authentication powered by Enhanced IAM with IAM v2. Using only local authentication on ThoughtSpot can leave you vulnerable to security threats and attacks. This can be mitigated with Multi-Factor Authentication (MFA) support for local users in ThoughtSpot. Use MFA to enable secure access to your ThoughtSpot instance by introducing an additional authentication factor configurable at the cluster level. ThoughtSpot supports Okta Verify, Google Authenticator, and Email-based time-based one-time passcode (TOTP) authentication.

To enable MFA with local authentication on your cluster, contact ThoughtSpot Support. MFA can only be enabled by cluster Administrators and is applied for all users on the cluster. Any local authentication user is prompted to enter an additional factor. The factor that users are prompted for depends on your configuration. MFA is a mandatory security configuration that all ThoughtSpot customers with local authentication will eventually have to enable.
Users making REST API calls to API endpoints, authenticating using only username and password will encounter an error. Contact ThoughtSpot Support for assistance.

When you enable multifactor authentication for users with local authentication configured on your cluster, users are prompted to set up the second factor authentication upon their first login. For example, to set up Okta authentication, users are prompted to complete the following steps:

  1. As a new user, you receive an email with a link to activate your account. Click the link in the email to go to ThoughtSpot.

  2. Create a password and click Activate.

    MFA login set password

    You are then prompted to log into ThoughtSpot.

  3. Login to ThoughtSpot using the password created in the previous step.

  4. You are then prompted to verify their identity through a one-time email verification code. Click Send code to send a verification code via email.

    MFA send email code

  5. Go to your email and copy your verification code.

    MFA email

  6. Go to ThoughtSpot and enter your code.

    MFA one-time email code

    You are prompted to set up your next factor authentication.

  7. Select the next factor authentication that you want to configure, and click Set up next factor.

    MFA select option

  8. Select your device type from the list of available options.

    MFA Okta select device

  9. Click Next

    MFA Okta device 2

  10. Follow the instructions to download and set up the authentication app on your device.

    MFA Okta setup
Was this page helpful?
×