Portals for Tableau New Feature Spotlight: Token Authentication


Portals for Tableau New Feature Spotlight: Token Authentication

The Portals for Tableau New Features series is designed to keep users up to date with all the latest features being added to InterWorks' embedded analytics solution, Portals for Tableau.

Please note that Portals for Tableau are now officially known as Curator by InterWorks. You can learn more at the official Curator website.

A Dream Within a Dream

Do you ever wake up from a dream only to realize you’re still dreaming? Even though Portals for Tableau is your dream solution, you don’t have to slap yourself awake to take advantage of its new feature: token authentication.

Just like Portals for Tableau can embed your Tableau visualizations, your enterprise portal can embed Portals for Tableau in an Inception-style layering. While this has always been possible when using SAML as the single sign-on (SSO) platform, some enterprise portals don’t support SAML. Token authentication allows the same SSO behavior with any other arbitrary authentication solution your enterprise portal has.

How Token Authentication Works

Token authentication takes care of SSO by allowing your enterprise portal to authenticate users through Portals for Tableau’s REST API, similar to how Portals for Tableau can authenticate users on Tableau Server by using Trusted Ticket Authentication. Your enterprise portal makes a request to the API to authenticate a specific user and receives a short-lived, one-time-use token. Then, your enterprise portal adds that token to the Portals for Tableau link.

When the user views the link, Portals for Tableau automatically logs them in, just like it would have done if they provided their username and password. There’s even an option to automatically provision the user within Portals for Tableau and Tableau Server if they don’t already exist.

How to Implement with Portals for Tableau

Here are the technical details on how to implement SSO using token authentication between your enterprise portal and Portals for Tableau.

  1. Enterprise portal makes a GET request to https://portalsfortableau.yourcompany.com/api/v1/userMgmt/createAuthToken with the following query string variables:
    • apikey [required]: A valid API key from (Portals for Tableau’s Backend > Settings > API Keys).
    • username [required]: The username of the account to log in.
    • jit_provision [optional]: A flag to indicate whether to create the user if they don’t already exist in a just-in-time (JIT) fashion.
    • password [optional]: The password to set for the user when JIT provisioning. The default is a random password.
    • email [optional]: The email address to set for the user when JIT provisioning. No default value is specified for this field.
    • name [optional]: The full name to set for the user when JIT provisioning. The default is to set this to the username.
    • site_role [optional]: The Tableau Server site role to set for the user when JIT provisioning. The default is Viewer.
  2. Portals for Tableau will respond to the API call with the token information in the following JSON format:
    "result": "success",
        "data": {
            "frontend_user_id": 123,
            "expires_at": {
                "date": "2019-12-31 11:59:00",
                "timezone_type": 3,
                "timezone": "UTC"
  3. Enterprise portal adds the token value to the Portals for Tableau link like so:
  4. When the user’s browser requests that link, Portals for Tableau will log them in as long as the token hasn’t already expired.
  5. Subsequent links within Portals for Tableau do not need authentication tokens as long as their session is valid.

More About the Author

Matthew Orr

Curator Architect
Git Nested Branching with Squash Bird nests? Tree limbs? Summer squash? There sure are a lot of plant, animal and food terms in that title. What are we talking about ...
Get to Know pdb, the Python Debugger While my day-to-day is spent working within Curator’s PHP platform, my favorite programming language is Python. I used it daily in a ...

See more from this author →

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK


Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072


Love our blog? You should see our emails. Sign up for our newsletter!