ThoughtSpot For Developers•4w ago

Chaim Platonov - Hey,I'm writing code to sync ...

Hey, I'm writing code to sync the users of our system with ThoughtSpot. To create users in the TS I use the just-in-time provisioning But when I try to set account_status to INACTIVE using update user API I get Unable to update user state to INACTIVE from PENDING. Please activate the user to continue. Get current user info returns account_status: 'ACTIVE'.

Solution:

@Chaim Platonov if the user is not activated use reset password api to reset it's password. Post which it will be in active state and then you will be able to use the update api.

Jump to solution

18 Replies

Aditya•4w ago

@pallav PTAL

shikharTS•3w ago

Are you trying to make account status INACTIVE for the current user? You are checking the account status for current user using Get current user info api call you mentioned..

TarphonOP•3w ago

I'm using user with ADMINISTRATION privilege to update another user to INACTIVE and getting the error I mentioned. I'm checking the status with the token of the user I'm trying to update.

Satyam Saxena•3w ago

@Chaim Platonov did you try activating the said user using tenant admin

TarphonOP•3w ago

How?

Satyam Saxena•3w ago

the log says the user you are trying to change the state of isn't activated yet

TarphonOP•3w ago

How to activate it? The activate user API needs auth_token that as admin I don't have.

Satyam Saxena•3w ago

you can generate the token using the admin user credentials from Get Full Access Token API.

TarphonOP•3w ago

I'll try.

    const adminClient = initThoughtSpotAdminClient();

    const token = await adminClient.getFullAccessToken({
      auto_create: true,
      secret_key: thoughtSpotSecretKey(),
      org_id: thoughtSpotOrganizationId(),
      username: `chaim-test`,
      display_name: 'chaim',
      email: '[email protected]'
    });

    await adminClient.activateUser({
      user_identifier: token.valid_for_user_id,
      auth_token: token.token,
      password: 'password'
    });

    const adminClient = initThoughtSpotAdminClient();

    const token = await adminClient.getFullAccessToken({
      auto_create: true,
      secret_key: thoughtSpotSecretKey(),
      org_id: thoughtSpotOrganizationId(),
      username: `chaim-test`,
      display_name: 'chaim',
      email: '[email protected]'
    });

    await adminClient.activateUser({
      user_identifier: token.valid_for_user_id,
      auth_token: token.token,
      password: 'password'
    });

getting Unable to authenticate current user with given token

    const client = new ThoughtSpotRestApi(
      createBearerAuthenticationConfig(thoughtSpotBaseUrl(), {
        auto_create: true,
        secret_key: thoughtSpotSecretKey(),
        org_id: thoughtSpotOrganizationId(),
        username,
        display_name: username,
        email: '...'
      })
    );

    const token = await client.getFullAccessToken({
      secret_key: thoughtSpotSecretKey(),
      org_id: thoughtSpotOrganizationId(),
      username
    });

    await client.activateUser({
      user_identifier: username,
      auth_token: token.token,
      password: 'password'
    });

    const client = new ThoughtSpotRestApi(
      createBearerAuthenticationConfig(thoughtSpotBaseUrl(), {
        auto_create: true,
        secret_key: thoughtSpotSecretKey(),
        org_id: thoughtSpotOrganizationId(),
        username,
        display_name: username,
        email: '...'
      })
    );

    const token = await client.getFullAccessToken({
      secret_key: thoughtSpotSecretKey(),
      org_id: thoughtSpotOrganizationId(),
      username
    });

    await client.activateUser({
      user_identifier: username,
      auth_token: token.token,
      password: 'password'
    });

getting Either your username or password is incorrect. Your account may lock out after multiple successive incorrect attempts

shikharTS•3w ago

Is chaim-test tenant-admin? You need to call this activate user api with tenant admin token

TarphonOP•3w ago

    const adminToken = await adminClient.getFullAccessToken({
      auto_create: false,
      secret_key: thoughtSpotSecretKey(),
      org_id: thoughtSpotOrganizationId(),
      username: thoughtSpotAdminUsername()
    });

    await adminClient.activateUser({
      user_identifier: 'user_id',
      auth_token: adminToken.token,
      password: 'password'
    });

    const adminToken = await adminClient.getFullAccessToken({
      auto_create: false,
      secret_key: thoughtSpotSecretKey(),
      org_id: thoughtSpotOrganizationId(),
      username: thoughtSpotAdminUsername()
    });

    await adminClient.activateUser({
      user_identifier: 'user_id',
      auth_token: adminToken.token,
      password: 'password'
    });

like this? Getting Unable to fetch user authentication information from authToken

shikharTS•3w ago

Can you remove the org_id: thoughtSpotOrganizationId(), while getting full access token. Looks like it needs to run as tenant admin to run this API Actually it seems you cannot activate a user from pending state. This API might work only for deactivated users. It needs to be activated first. Will confirm this internally @Satyam Saxena this seems broken can you also check?

TarphonOP•3w ago

We need to create a thoughtspot user without requiring any actions from our customers, but IIUC the only way to activate is using an activation email.

shikharTS•3w ago

Lets wait for @Satyam Saxena to reply on this thread, but in case you do not receive a reply, I would recommend to create a support ticket so that the relevant team can take this up In TS UI I see the user as active as well. But for some reason the update user API shows user as PENDING activation @Tarphon can you use the /api/rest/2.0/users/deactivate API to deactivate the user. Seems some bug with update user API

Solution

Satyam Saxena•3w ago

@Chaim Platonov if the user is not activated use reset password api to reset it's password. Post which it will be in active state and then you will be able to use the update api.

shikharTS•3w ago

@Satyam Saxena the TS UI shows user is activated..

Satyam Saxena•3w ago

Yes, after changing state the ui/api response might show the older state that's because user sync happens only after one of the tenant admin(s) login. In that scenario the state will get updated only once the tenant admin logs in.

TarphonOP•3w ago

After reset password I can update the account status. Thanks. Side question: what's the difference between INACTIVE and SUSPENDED (both are shown in the UI as suspended)?

Gaming

Programming

Chaim Platonov - Hey,I'm writing code to sync ...

Did you find this page helpful?