Portals for Tableau New Feature Spotlight: Token Authentication

Data

Portals for Tableau New Feature Spotlight: Token Authentication

The Portals for Tableau New Features series is designed to keep users up to date with all the latest features being added to InterWorks' embedded analytics solution, Portals for Tableau.

A Dream Within a Dream

Do you ever wake up from a dream only to realize you’re still dreaming? Even though Portals for Tableau is your dream solution, you don’t have to slap yourself awake to take advantage of its new feature: token authentication.

Just like Portals for Tableau can embed your Tableau visualizations, your enterprise portal can embed Portals for Tableau in an Inception-style layering. While this has always been possible when using SAML as the single sign-on (SSO) platform, some enterprise portals don’t support SAML. Token authentication allows the same SSO behavior with any other arbitrary authentication solution your enterprise portal has.

How Token Authentication Works

Token authentication takes care of SSO by allowing your enterprise portal to authenticate users through Portals for Tableau’s REST API, similar to how Portals for Tableau can authenticate users on Tableau Server by using Trusted Ticket Authentication. Your enterprise portal makes a request to the API to authenticate a specific user and receives a short-lived, one-time-use token. Then, your enterprise portal adds that token to the Portals for Tableau link.

When the user views the link, Portals for Tableau automatically logs them in, just like it would have done if they provided their username and password. There’s even an option to automatically provision the user within Portals for Tableau and Tableau Server if they don’t already exist.

How to Implement with Portals for Tableau

Here are the technical details on how to implement SSO using token authentication between your enterprise portal and Portals for Tableau.

  1. Enterprise portal makes a GET request to https://portalsfortableau.yourcompany.com/api/v1/userMgmt/createAuthToken with the following query string variables:
    • apikey [required]: A valid API key from (Portals for Tableau’s Backend > Settings > API Keys).
    • username [required]: The username of the account to log in.
    • jit_provision [optional]: A flag to indicate whether to create the user if they don’t already exist in a just-in-time (JIT) fashion.
    • password [optional]: The password to set for the user when JIT provisioning. The default is a random password.
    • email [optional]: The email address to set for the user when JIT provisioning. No default value is specified for this field.
    • name [optional]: The full name to set for the user when JIT provisioning. The default is to set this to the username.
    • site_role [optional]: The Tableau Server site role to set for the user when JIT provisioning. The default is Viewer.
  2. Portals for Tableau will respond to the API call with the token information in the following JSON format:
    {
    "result": "success",
        "data": {
            "frontend_user_id": 123,
            "token": "VVVVVVVVV-WWWW-XXXX-YYYY-ZZZZZZZZZZZZZ",
            "expires_at": {
                "date": "2019-12-31 11:59:00",
                "timezone_type": 3,
                "timezone": "UTC"
            }
        }
    }
  3. Enterprise portal adds the token value to the Portals for Tableau link like so:
    https://portalsfortableau.yourcompany.com/?auth_token=VVVVVVVVV-WWWW-XXXX-YYYY-ZZZZZZZZZZZZZ
  4. When the user’s browser requests that link, Portals for Tableau will log them in as long as the token hasn’t already expired.
  5. Subsequent links within Portals for Tableau do not need authentication tokens as long as their session is valid.

More About the Author

Matthew Orr

Solutions Architect
Portals for Tableau 101: Filter Blacklists and Averaging The advanced filtering capabilities are some of the most popular features of the portal product. These are made possible by Tableau ...
Portals for Tableau 101: Multi-Tenant Architecture Several of our clients utilize their portal to show dashboards to numerous clients of theirs in a multi-tenant architecture. Unlike ...

See more from this author →

Subscribe to our newsletter

  • I understand that InterWorks will use the data provided for the purpose of communication and the administration my request. InterWorks will never disclose or sell any personal data except where required to do so by law. Finally, I understand that future communications related topics and events may be sent from InterWorks, but I can opt-out at any time.
  • This field is for validation purposes and should be left unchanged.

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK

×

Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Germany
Geschäftsführer: Mel Stephenson

Kontaktaufnahme: markus@interworks.eu
Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072