# ThoughtSpot Connect your company's ThoughtSpot instance to Cakewalk's MCP Gateway. Every agent tool call against ThoughtSpot passes through the gateway and is evaluated against your Policies. ## Requirements * ThoughtSpot admin who can edit instance security configurations (CORS allowlist, SAML redirect domains). * ThoughtSpot account on to register the OAuth client. ## Before Setup: Allowlist ThoughtSpot's Agent Host Before the OAuth flow can complete, your ThoughtSpot instance must allowlist `agent.thoughtspot.app`. In your ThoughtSpot admin security configuration: 1. Add `agent.thoughtspot.app` to the **CORS whitelisted domains**. 2. Add `agent.thoughtspot.app` to the **SAML redirect domains**. Save both. ## About Scopes ThoughtSpot does not enumerate OAuth scope strings. Permissions are inherited from the ThoughtSpot user's role; tools that read content require the corresponding ThoughtSpot view permissions. ## Step 1: Register the OAuth Client 1. Open . 2. Register a new client. Add your ThoughtSpot instance URL to the appropriate field. 3. Add this redirect URI: ``` https://mcp-gateway.getcakewalk.io/api/v1/Auth/Callback ``` 4. Save. The portal generates a Client ID and Client Secret. Copy both values immediately. ThoughtSpot displays them only once and they cannot be retrieved later. ## Step 2: Paste Credentials Into Cakewalk 1. Open . 2. Go to All Connections. 3. Find ThoughtSpot. 4. Click Edit credentials. 5. Paste the Client ID and Client Secret. 6. Save. ## Verifying It Works The ThoughtSpot Connection card flips to Active on All Connections. From an agent platform connected to Cakewalk, ask the agent to search a ThoughtSpot answer. If ThoughtSpot returns results, the Connection is live. ## Troubleshooting * OAuth flow fails with CORS or SAML error: confirm `agent.thoughtspot.app` is in both the CORS allowlist and the SAML redirect domains of your ThoughtSpot instance. * Lost Client Secret: the portal cannot redisplay it. Register a new client and reconnect. * Tools return permission errors: the ThoughtSpot user account behind the OAuth flow must have view permissions on the objects the agent is asking for. ## Learn More * [Connect MCP server to clients](https://developers.thoughtspot.com/docs/connect-mcp-server-to-clients) * [ThoughtSpot MCP server overview](https://developers.thoughtspot.com/docs/mcp-integration) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.cakewalk.security/docs/ai-agent-access/connections-and-integrations/agent-connections/thoughtspot.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.