Andy - Hi team. We have multi org set up on ou...

Hi team. We have multi org set up on our cluster. I have a number of orgs which I am a member of. Before our cluster was upgraded to v10.5 our embedded application would serve me the Org that I was currently active in our cluster. Post upgrade to 10.5 it seems to be selecting the first Org in my list. Note: we have not hardcoded the org into the embedding. Has anyone seen this behaviour? cc: @rumana-hf @Charlie Birch
18 Replies
rumana-hf, 2w ago
We're using the Visual Embed SDK and using this to authenticate and then display the homepage:
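```js
import { init, AuthType, AppEmbed, Page, HomepageModule } from '@thoughtspot/visual-embed-sdk';

// tsHost, username, password, iconSpriteUrl, embedId and Constants are defined elsewhere in the host application.
const authStatus = init({
  thoughtSpotHost: tsHost,
  authType: AuthType.Basic,
  username,
  password,
  loginFailedMessage: 'Login failed. Please try again.',
  customizations: {
    content: {
      strings: Constants.TS_STRING_REPLACEMENTS,
    },
    iconSpriteUrl,
  },
})

// Embed the full application, opening on the home page.
const appEmbed = new AppEmbed(`#${embedId}`, {
  modularHomeExperience: true,
  pageId: Page.Home,
  hiddenHomepageModules: [HomepageModule.Learning],
  homePageSearchBarMode: 'aiAnswer',
})
```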
shikharTS, 2w ago
"currently active in our cluster": are you using both embed and the ThoughtSpot instance at the same time? If yes, does it ask you to authenticate in your embed as well even if you are authenticated in your ThoughtSpot instance?
Andy (OP), 2w ago
Yes, I am using them both at the same time. We don't have org switcher enabled in our embed, so I will often do work in the TS instance and then view in the embedded application. Yes, I do need to log in when I go into the embedded app (note we are using basic auth at the minute).
shikharTS, 2w ago
Did that happen pre upgrade as well or did it recently start happening? Also, does your browser support third party cookies? It might be that the cookies are being blocked and hence you need to authenticate again and it selects the first org. Can you enable 3rd party cookies in your browser and test the same scenario to rule out that issue?
Andy (OP), 2w ago
Only noticed it since upgrading to 10.5 the other week. I am only blocking 3rd party cookies in incognito, so that shouldn't be an issue.
shikharTS, 2w ago
Can we get on a quick call? I can't seem to repro this internally. cc @jbc
Andy (OP), 2w ago
Yep, let's chat.
shikharTS, 2w ago
Sent you a DM.
Andy (OP), 2w ago
Though I will be logging off shortly, so let me know if we can do now or delay to tomorrow?
shikharTS, 2w ago
We can do a quick connect, but we can do tomorrow if you are more comfortable.
Andy (OP), 2w ago
Nah, let's do now quickly.
shikharTS, 2w ago
Sent you a DM, you can join there
Andy (OP), 2w ago
Hmm, I don't see any DMs (but I'm not great at Discord tbh).
Original URL: https://humanforce.thoughtspot.cloud/
New URL: https://thoughtspot.humanforce.com
shikharTS, 2w ago
@rumana-hf the reason why this behavior is happening is because the request is being made from two different URLs in case of the embedded platform and for the ThoughtSpot cluster. And for authentication we map cookies. Now, since the request is being made from two different URLs (might be the same TS cluster, but from the browser's perspective these are two completely different websites), there are two different sets of cookies being generated and hence the session details from the TS cluster to the embedded instance differ. To rectify this, you can either change the URL in your code to set the same URL being used by the user or the user should use the URL given in the code. Let me know if you have any questions around this.
rumana-hf, 2w ago
Thanks for this! So we are hoping to not allow our customer to log in to the ThoughtSpot instance directly. They will only access it via the embedded app. In this case, is the default behaviour then the first organization in the list of organizations that they are a member of? Is there a way to provide the org ID while logging in so that we can control which org they are logged in as?
pallav, 2w ago
Security settings
Security settings for embedding
jbc, 2w ago
@rumana-hf Can you not limit your users to one org? Since you are using basic auth, they must have been manually created users, right? You can also set the org for each of the users with our REST API: https://developers.thoughtspot.com/docs/restV2-playground?apiResourceId=http%2Fapi-endpoints%2Forgs%2Fupdate-org
shikharTS, 2w ago
Also while logging in, if you do use the trusted auth type auth scheme you can provide the org_id while getting the auth token. Also, the usual expectation is that an end user should belong to a single org, so you can use the API provided above to restrict org access to users.
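
The last suggestion in the thread (trusted auth with an `org_id` on the token request), sketched as a backend token broker that refuses to default a multi-org user to any org. This is an added example, not code from the thread or from ThoughtSpot: the host, secret, user-to-org map and function names are constructed, and the `/api/rest/2.0/auth/token/full` endpoint with its `username`, `secret_key`, `org_id` and `validity_time_in_sec` fields is assumed from the REST API v2.0 documentation and should be checked against your cluster.

```javascript
// Added example: backend token broker for trusted auth (all values constructed).
const TS_HOST = 'https://thoughtspot.example.com'; // placeholder host
const SECRET_KEY = process.env.TS_SECRET_KEY || 'constructed-secret'; // stays on the server

// Server-side map of the orgs each user may enter (constructed sample data).
const ALLOWED_ORGS = new Map([
  ['andy@example.com', [0, 1234]],
  ['customer@example.com', [5678]],
]);

// Pick the org on the server; a requested org is honoured only if allow-listed.
function resolveOrg(username, requestedOrgId) {
  const allowed = ALLOWED_ORGS.get(username);
  if (!allowed || allowed.length === 0) throw new Error('unknown user');
  if (requestedOrgId === undefined || requestedOrgId === null) {
    // Never fall back to "first org in the list" for a multi-org user.
    if (allowed.length > 1) throw new Error('org_id required for multi-org user');
    return allowed[0];
  }
  if (!/^\d+$/.test(String(requestedOrgId))) throw new Error('malformed org_id');
  const orgId = Number(requestedOrgId);
  if (!allowed.includes(orgId)) throw new Error('org not permitted for user');
  return orgId;
}

// Build the token request with an explicit org_id (endpoint and fields assumed).
function buildTokenRequest(username, requestedOrgId) {
  const org_id = resolveOrg(username, requestedOrgId);
  return {
    url: `${TS_HOST}/api/rest/2.0/auth/token/full`,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
      body: JSON.stringify({ username, secret_key: SECRET_KEY, org_id, validity_time_in_sec: 300 }),
    },
  };
}

// Request the token; fetchImpl is injectable so the flow can be exercised offline.
async function getOrgScopedToken(username, requestedOrgId, fetchImpl = globalThis.fetch) {
  const { url, options } = buildTokenRequest(username, requestedOrgId);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  const { token } = await res.json();
  return token; // returned to the embed page, which never sees SECRET_KEY
}
```

On the embed side, the page would fetch this token from the SDK's `getAuthToken` callback instead of passing `username` and `password` to `init`, with the username taken from the host application's own authenticated session.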