SAML Integration in Tableau 8.1

Data

SAML Integration in Tableau 8.1

One of the best new features of Tableau 8.1 is SAML integration.

SAML is an open source web-based authentication standard that uses XML to authenticate users. In Tableau, SAML can be used as an alternative to trusted tickets, so you will still need to create the users on Tableau Server prior to login. SAML, however, also works inside the Desktop version of Tableau by opening an iframe to the login service (unlike trusted tickets).

SAML Login Tableau

SAML in Tableau Desktop

How Does SAML Work in Tableau?

SAML works by passing XML containing user information and certificates back and forth between Tableau and the Identity Provider (IdP).

The Identity Provider can be an authentication service that you setup or a paid-service that is a more “out of the box” solution.

Using POST requests, base64 encoded XML is passed between Tableau Server and your Identity Provider to authenticate the user’s credentials.
If you ever need to debug SAML, you can capture these requests with various POST capturing browser plugins and base64 decode the string. 

SAML Flow Diagram

Configuring SAML in Tableau

To configure SAML, you will need to create a self-signed certificate and key. These can be generated for free from a number of sources, including OpenSSL.

The Tableau return URL is simply the URL of your server and the entity ID can be anything you’d like to describe your Tableau usage. I used “interworks” for my setup.

The certificate files need to be stored in a location the Tableau service can use, such as the Tableau directory, but not inside the version specific directory, as they would be lost in upgrades (i.e. TableauTableau ServerSAML NOT TableauTableau Server8.1SAML).

Tableau requires a few settings that will need to be setup with the Identity Provider:

  • Tableau requires POST binding
  • The Identity Provider Response must contain the “username” attribute (the actual name of this can be changed with the Tableau setting “wgserver.saml.idpattribute.username” if needed).

SAML Tableau Configuration

Once the information is provided about your Tableau Server, Tableau will be able to generate a metadata file that you can provide to your Identity Provider. This is used to validate your request on the Identity Provider. The Identity Provider will be able to provide you with a similar metadata file to install in Tableau.

SAML can be configured after the server is setup without a full uninstall, so you can tweak the settings throughout the process to debug any authentication problems. Tableau can call for SAML usage in a variety of scenarios. If an existing SAML System is in place, or simply a need to tie into a non-LDAP system, SAML may be a good solution.

Since SAML can be completely customizable, it also allows the ability to tie together multiple systems, including Social Providers (Facebook, Twitter, etc.) through a OAuth pathway on the SAML login screen.

More About the Author

Derrick Austin

Solutions Architect | Integration Practice Lead
A Quick Overview of Embedded Analytics in Portals for Tableau At InterWorks, we live and breathe Tableau. It is an awesome product that helps us to analyse data, draw insights and share them across ...
Portals for Tableau: The Year’s Biggest Features 2017 was without a doubt the year of embedded analytics. So, we wanted to emphasize the year’s biggest wins for our version of embedded ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072