將亞馬遜紅移和思想點結合起來，將您的原始數據轉換為可行的見解

Amazon Redshift和Thoughtspot的AI驅動分析服務的這種結合使組織能夠將其原始數據轉換為可行的見解

This post shows how to integrate ThoughtSpot with Amazon Redshift using the IAM Identity Center authentication. The combination of Amazon Redshift and ThoughtSpot’s AI-powered analytics service enables organizations to transform their raw data into actionable insights with unprecedented speed and efficiency.

這篇文章展示瞭如何使用IAM身份中心身份驗證將思想點與Amazon Redshift集成。 Amazon Redshift和Thoughtspot的AI驅動分析服務的結合使組織能夠以前所未有的速度和效率將其原始數據轉換為可行的見解。

Tens of thousands of customers use Amazon Redshift to process large amounts of data, modernize their data analytics workloads, and provide insights for their business users.

成千上萬的客戶使用Amazon Redshift處理大量數據，使其數據分析工作負載現代化並為其業務用戶提供見解。

To streamline this integration even further, Amazon Redshift now supports AWS IAM Identity Center integration with ThoughtSpot. This single sign-on (SSO) integration spans ThoughtSpot’s entire cloud landscape and can be used for both embedded and standalone analytics implementations.

為了進一步簡化這種集成，Amazon Redshift現在支持AWS IAM身份中心與Thoughtspot的集成。這個單個登錄（SSO）集成跨越了思想點的整個雲景觀，可用於嵌入式和獨立的分析實現。

Prior to the IAM Identity Center integration, ThoughtSpot users didn’t have native connectivity to integrate Amazon Redshift with their identity providers (IdPs), which can provide unified governance and identity propagation across multiple AWS services like AWS Lake Formation and Amazon Simple Storage Service (Amazon S3).

在進行IAM身份中心集成之前，ThoughtSpot用戶沒有本機連接性可以將Amazon RedShift與其身份提供商（IDP）集成在一起，該公司可以在AWS Lake Formation和Amazon Simple Storage Service等多個AWS服務中提供統一的治理和身份傳播（Amazon S3）。

Now, ThoughtSpot users can natively connect to Amazon Redshift using the IAM Identity Center integration, which streamlines data analytics access management while maintaining robust security. By configuring Amazon Redshift as an AWS managed application, organizations benefit from SSO capabilities with trusted identity propagation and a trusted token issuer (TTI). The IAM Identity Center integration with Amazon Redshift provides centralized user management, automatically synchronizing access permissions with organizational changes—whether employees join, transition roles, or leave the organization. The solution uses Amazon Redshift role-based access control features that align with IdP groups synced in IAM Identity Center. Organizations can further enhance their security posture by using Lake Formation to define granular access control permissions on catalog resources for IdP identities. From a compliance and security standpoint, the integration offers comprehensive audit trails by logging end-user identities both in Amazon Redshift and AWS CloudTrail, providing visibility into data access patterns and user activities.

現在，ThoughtSpot用戶可以使用IAM身份中心集成將其內在連接到Amazon Redshift，該集成簡化了數據分析訪問管理，同時保持了強大的安全性。通過將Amazon Redshift配置為AWS託管應用程序，組織從具有可信賴的身份傳播和受信任的令牌發行人（TTI）的SSO功能中受益。 IAM身份中心與Amazon RedShift的集成提供集中式的用戶管理，自動將訪問權限與組織變更同步 - 員工是否加入，過渡角色或離開組織。該解決方案使用基於Amazon Redshift角色的訪問控制功能，該功能與IAM身份中心同步的IDP組對齊。組織可以通過使用湖泊組來定義IDP身份目錄資源上的顆粒狀訪問控制權限，從而進一步增強其安全姿勢。從合規性和安全的角度來看，集成通過在Amazon Redshift和AWS CloudTrail中記錄最終用戶身份來提供全面的審計跟踪，從而為數據訪問模式和用戶活動提供了可見性。

Dime Dimovski, a Data Warehousing Architect at Merck, shares:

默克公司的數據倉庫建築師Dime Dimovski分享：

“The recent integration of Amazon Redshift with our identity access management center will significantly enhance our data access management because we can propagate user identities across various tools. By using OAuth authentication from ThoughtSpot to Amazon Redshift, we will benefit from a seamless single sign-on experience—giving us granular access controls as well as the security and efficiency we need.”

“亞馬遜紅移與我們的身份訪問管理中心的最新集成將顯著增強我們的數據訪問管理，因為我們可以在各種工具上傳播用戶身份。通過使用從思想點到亞馬遜紅移的Oauth身份驗證，我們將從無縫的單個簽名體驗中受益，即美國粒狀訪問控制，以及我們需要的安全和效率。”

In this post, we walk you through the process of setting up ThoughtSpot integration with Amazon Redshift using IAM Identity Center authentication. The solution provides a secure, streamlined analytics environment that empowers your team to focus on what matters most: discovering and sharing valuable business insights.

在這篇文章中，我們將使用IAM身份中心身份驗證來介紹與Amazon Redshift建立思想點集成的過程。該解決方案提供了一個安全，簡化的分析環境，使您的團隊能夠專注於最重要的事情：發現和共享有價值的業務見解。

Solution overview

解決方案概述

The following diagram illustrates the architecture of the ThoughtSpot SSO integration with Amazon Redshift, IAM Identity Center, and your IdP.

下圖說明了與Amazon Redshift，IAM身份中心和您的IDP集成的思想點SSO集成的體系結構。

The solution includes the following steps:

解決方案包括以下步驟：

In this post, you will use the following steps to build the solution:

在這篇文章中，您將使用以下步驟來構建解決方案：

Prerequisites

先決條件

Before you begin implementing the solution, you must have the following in place:

在開始實施解決方案之前，您必須擁有以下內容：

Set up an OIDC application

設置OIDC應用程序

In this section, we’ll show you the step-by-step process to set up an OIDC application using both Okta and EntraID as the identity providers.

在本節中，我們將向您展示使用OKTA和Entraid作為身份提供者設置OIDC應用程序的分步過程。

Set up an Okta OIDC application

設置Okta OIDC應用程序

Complete the following steps to set up an Okta OIDC application:

完成以下步驟設置Okta OIDC應用程序：

Set up an EntraID OIDC application

設置Entraid OIDC應用程序

To create your EntraID application, follow these steps:

要創建您的入口應用程序，請遵循以下步驟：

The secret value will only be presented one time; after that you can’t read it. Make sure to copy it now. If you fail to save it, you must generate a new client secret.

秘密價值只會出現一次；之後，您無法閱讀。確保立即復制。如果您無法保存它，則必須生成一個新的客戶端秘密。

If you’re setting up for the first time, you can see Add to the right of the application ID URI.

如果您是第一次設置，則可以在應用程序ID URI的右側添加。

Set up a TTI in IAM Identity Center

在IAM身份中心建立一個TTI

Assuming you have completed the prerequisites, you will establish your IdP as a TTI in your delegated administration account. To create a TTI, refer to How to add a trusted token issuer to the IAM Identity Center console. In this post, we walk through the steps to set up a TTI for both Okta and EntraID.

假設您已經完成了先決條件，則將您的IDP確定為授權管理帳戶中的TTI。要創建TTI，請參閱如何將受信任的令牌發行人添加到IAM身份中心控制台。在這篇文章中，我們瀏覽步驟，為Okta和Entraid設置TTI。

Set up a TTI for Okta

為Okta設置TTI

To get the issuer URL from Okta, complete the following steps:

要從Okta獲取發行人URL，請完成以下步驟：

Set up a TTI for EntraID

為入口設置TTI

Complete the following steps to set up a TTI for EntraID:

完成以下步驟，以設置進入tti的TTI：

Next, you need to find the tenant ID value from EntraID.

接下來，您需要從Entraid找到房客ID值。

Set up client connections and TTIs in Amazon Redshift

在Amazon RedShift中設置客戶端連接和TTI

In this step, we configure the Amazon Redshift applications that exchange externally generated tokens to use the TTI you created in the previous step. Also, the audience claim (or aud claim) from your IdP must be specified. You need to collect the audience value from the respective IdP.

在此步驟中，我們配置了Amazon Redshift應用程序，這些應用程序交換外部生成的令牌以使用您在上一步中創建的TTI。另外，必須指定IDP的受眾索賠（或AUD索賠）。您需要從相應的IDP收集受眾價值。

Acquire the audience value from Okta

從Okta獲取觀眾價值

To acquire the audience value from Okta, complete the following steps:

要從Okta獲取受眾價值，請完成以下步驟：

Acquire the audience value from EntraID

從Entraid獲取觀眾價值

Similarly, to get the audience value EntraID, complete the following steps:

同樣，要獲得受眾價值進入，請完成以下步驟：

Configure the application

配置應用程序

After you collect the audience value from the respective IdP, you need to configure the

從相應的IDP收集受眾值後，您需要配置