From 83397fbf7b6853ff8640131221b05feb4aaca359 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Wed, 10 Jun 2026 10:43:58 +0530 Subject: [PATCH 1/3] saml cert renewal SCAL-317595 --- modules/ROOT/pages/configure-saml.adoc | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configure-saml.adoc b/modules/ROOT/pages/configure-saml.adoc index 7fdd77b4a..bbcf91e79 100644 --- a/modules/ROOT/pages/configure-saml.adoc +++ b/modules/ROOT/pages/configure-saml.adoc @@ -119,7 +119,7 @@ Make a note of all of the redirects within the SAML workflow. Each server must b To configure SAML SSO authentication on the ThoughtSpot embedded instance, complete the following steps: * xref:configure-saml.adoc#admin-portal[Enable SAML authentication on ThoughtSpot with IAMv1] -* xref:configure-saml.adoc#IAMv2[Enable SAML authentication on ThoughtSpot with IAMv2] (Requires assistance from ThoughtSpot Support) +* xref:configure-saml.adoc#IAMv2[Enable SAML authentication on ThoughtSpot with IAMv2] * xref:configure-saml.adoc#idp-config[Configure the IdP server for SAML authentication] * xref:configure-saml.adoc#auth-config-sdk[Enable SSO authentication in Visual Embed SDK] * xref:configure-saml.adoc#saml-redirect[Add SAML redirect domain to the allowed list in ThoughtSpot] @@ -261,6 +261,27 @@ link:https://docs.thoughtspot.com/cloud/latest/saml-okta#_enable_saml_authentica You can map your SAML groups,or groups and Orgs from your IdP to your ThoughtSpot. This means that you do not have to manually recreate your groups and Orgs in ThoughtSpot if they are already present in your IdP. Refer to link:https://docs.thoughtspot.com/cloud/latest/saml-group-mapping[Configure SAML group mapping, window=_blank]. +[#update-idp-cert-iamv2] +=== #Update your IdP certificate# +If your IdP certificate expires or is rotated, you can update it in the ThoughtSpot UI. +ThoughtSpot IAMv2 supports self-serve certificate management — changes take effect immediately after you save. + +To update your IdP certificate: + +* Go to *Admin* > *Authentication* +* Navigate to your SAML connection and click the the *More* menu image:icon-more-10px.png[more options menu icon] > *Edit* +* In the *IDP provider certificate* field, replace the existing certificate with the new certificate file from your IdP. ++ +[NOTE] +==== +Download the raw certificate file from your IdP settings page. +The accepted format is `[PEM / .cer / .crt]`. +==== +* Click *Save*. + +Your users can sign in using the updated certificate immediately. +If users experience sign-in failures after a certificate rotation, verify that the certificate in ThoughtSpot matches the certificate currently active on your IdP. + [#idp-config] === Configure the IdP server for SAML authentication From 155e71936350c1584f1fba8ba1421ed2a5d14f2f Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Wed, 10 Jun 2026 15:03:02 +0530 Subject: [PATCH 2/3] saml cert renewal SCAL-317595 --- modules/ROOT/pages/configure-saml.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/ROOT/pages/configure-saml.adoc b/modules/ROOT/pages/configure-saml.adoc index bbcf91e79..22a012749 100644 --- a/modules/ROOT/pages/configure-saml.adoc +++ b/modules/ROOT/pages/configure-saml.adoc @@ -268,14 +268,14 @@ ThoughtSpot IAMv2 supports self-serve certificate management — changes take ef To update your IdP certificate: -* Go to *Admin* > *Authentication* +* Go to *Admin* > *User management* > *Authentication* * Navigate to your SAML connection and click the the *More* menu image:icon-more-10px.png[more options menu icon] > *Edit* * In the *IDP provider certificate* field, replace the existing certificate with the new certificate file from your IdP. + [NOTE] ==== Download the raw certificate file from your IdP settings page. -The accepted format is `[PEM / .cer / .crt]`. +The accepted format is `PEM / .cer / .crt`. ==== * Click *Save*. From b8795046babc01904af18fbd82f622c705dc0a31 Mon Sep 17 00:00:00 2001 From: Rani Gangwar Date: Wed, 10 Jun 2026 15:12:24 +0530 Subject: [PATCH 3/3] saml cert renewal SCAL-317595 edits --- modules/ROOT/pages/configure-saml.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/configure-saml.adoc b/modules/ROOT/pages/configure-saml.adoc index 22a012749..9467a65d4 100644 --- a/modules/ROOT/pages/configure-saml.adoc +++ b/modules/ROOT/pages/configure-saml.adoc @@ -269,7 +269,7 @@ ThoughtSpot IAMv2 supports self-serve certificate management — changes take ef To update your IdP certificate: * Go to *Admin* > *User management* > *Authentication* -* Navigate to your SAML connection and click the the *More* menu image:icon-more-10px.png[more options menu icon] > *Edit* +* Navigate to your SAML connection and click the **More** menu image:./images/icon-more-10px.png[the more options menu] > *Edit* * In the *IDP provider certificate* field, replace the existing certificate with the new certificate file from your IdP. + [NOTE]