Skip to content

saml cert renewal SCAL-317595 #473

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rani2655 wants to merge 3 commits into
base: 26.6.0.cl
Choose a base branch
from
Open

saml cert renewal SCAL-317595 #473

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
83397fb
saml cert renewal SCAL-317595
rani2655 Jun 10, 2026
155e719
saml cert renewal SCAL-317595
rani2655 Jun 10, 2026
b879504
saml cert renewal SCAL-317595 edits
rani2655 Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 22 additions & 1 deletion modules/ROOT/pages/configure-saml.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ Make a note of all of the redirects within the SAML workflow. Each server must b
To configure SAML SSO authentication on the ThoughtSpot embedded instance, complete the following steps:

* xref:configure-saml.adoc#admin-portal[Enable SAML authentication on ThoughtSpot with IAMv1]
* xref:configure-saml.adoc#IAMv2[Enable SAML authentication on ThoughtSpot with IAMv2] (Requires assistance from ThoughtSpot Support)
* xref:configure-saml.adoc#IAMv2[Enable SAML authentication on ThoughtSpot with IAMv2]
* xref:configure-saml.adoc#idp-config[Configure the IdP server for SAML authentication]
* xref:configure-saml.adoc#auth-config-sdk[Enable SSO authentication in Visual Embed SDK]
* xref:configure-saml.adoc#saml-redirect[Add SAML redirect domain to the allowed list in ThoughtSpot]
Expand Down Expand Up @@ -261,6 +261,27 @@ link:https://docs.thoughtspot.com/cloud/latest/saml-okta#_enable_saml_authentica
You can map your SAML groups,or groups and Orgs from your IdP to your ThoughtSpot. This means that you do not have to manually recreate your groups and Orgs in ThoughtSpot if they are already present in your IdP.
Refer to link:https://docs.thoughtspot.com/cloud/latest/saml-group-mapping[Configure SAML group mapping, window=_blank].

[#update-idp-cert-iamv2]
=== #Update your IdP certificate#
If your IdP certificate expires or is rotated, you can update it in the ThoughtSpot UI.
ThoughtSpot IAMv2 supports self-serve certificate management — changes take effect immediately after you save.

To update your IdP certificate:

* Go to *Admin* > *User management* > *Authentication*
* Navigate to your SAML connection and click the **More** menu image:./images/icon-more-10px.png[the more options menu] > *Edit*
* In the *IDP provider certificate* field, replace the existing certificate with the new certificate file from your IdP.
+
[NOTE]
====
Download the raw certificate file from your IdP settings page.
The accepted format is `PEM / .cer / .crt`.
====
* Click *Save*.

Your users can sign in using the updated certificate immediately.
If users experience sign-in failures after a certificate rotation, verify that the certificate in ThoughtSpot matches the certificate currently active on your IdP.


[#idp-config]
=== Configure the IdP server for SAML authentication
Expand Down