Support Center

Single Sign On (SSO) with Tableau Server

Prerequisites:

Notes:

  • User authorization for organizations using Tags.
  • User authorization for organizations using Groups.
  • SAML 2.0 Just-In-Time (JIT) user provisioning is not supported by Tableau Server.
  • This article assumes Tableau Server was installed to the default install location, C:\Program Files\Tableau\Tableau Server. If it was installed to a different directory, please make the appropriate changes to your configuration.
  • JumpCloud sends a value (labeled username) in the SAML Assertion that Tableau uses to identify which user is attempting SSO. This value must match a user's Tableau username. If your users' Tableau usernames already exist within JumpCloud (as their emails or JumpCloud usernames), you may choose which of these attributes to send as the username value for each user. If your users' Tableau usernames do not match any pre-existing attributes in JumpCloud, you will need to add a TableauUsername custom attribute for every user that will be using SSO to Tableau Server. To do so, complete the following steps for every user that will use SSO to Tableau Server:

    • From the JumpCloud Admin UI, select on the Users link in the sidenav.
    • Select details beside the user for whom you will add a custom attribute.
    • Select on the Attributes tab.
    • Select + add attribute.
    • In the Name field, enter TableauUsername.
    • In the Value field, enter the user's Tableau Server username.
    • Select save user.

Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
  2. Select Applications in the main navigation panel.
  3. Select the + in the upper left, scroll or search for the application in the Configure New Application side panel, the select configure.
  4. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  5. In the IDP Entity ID field, enter https://_YOURDOMAIN.TLD_ (e.g., https://thebestwidgets.com).
  6. Select Upload IdP Private Key and upload the private.pem file generated according to the above prerequisites.
  7. Select Upload IdP Certificate and upload the cert.pem file generated according to the above prerequisites.
  8. In the SP Entity ID field, enter http://YOUR_TABLEAU_SERVER (replace YOUR_TABLEAU SERVER with your Tableau Server URL).
  9. In the ACS URL field, enter http://YOUR_TABLEAU_SERVER/wg/saml/SSO/index.html (replace YOUR_TABLEAU_SERVER with your Tableau Server URL).
  10. In the Username Attribute Name field, enter the name of the attribute whose value should be used as the username value in the assertion (see notes above). For each user, this value in JumpCloud should match his or her Tableau username. Enter email or username to send a user’s JumpCloud email or username, respectively. Leave the default value, TableauUsername, if you have added or will add custom attributes to be sent as the NameID for all users using SSO to Tableau.
  11. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
  12. (Optional) In the Display Label field, enter a label that will appear beside the Tableau Server logo within the JumpCloud console to guide administrators and users to the connection you have configured.
  13. Select Activate.
  14. Select export metadata next to Tableau Server on the right-hand side of the page.

Configure the Service Provider

  1. In Tableau Server, create a folder named SAML in the following location: C:\Program Files\Tableau\Tableau Server\ (this should be the same location as the Tableau Server 10.2 folder).
  2. Copy your private.pem, cert.pem, and exported metadata file into the SAML folder.
  3. Open the Tableau Server Configuration Utility and select on the SAML tab.
  4. From the drop-down menu, select SAML authentication for the server.
  5. In both the Tableau Server return URL and SAML entity ID fields, enter http://YOUR_TABLEAU_SERVER (replace YOUR_TABLEAU SERVER with your Tableau Server URL).
  6. In the SAML certificate file field, enter the path to or browse for your cert.pem file. The path to your certificate should be C:\Program Files\Tableau\Tableau Server\SAML\cert.pem.
  7. In the SAML key file field, enter the path to or browse for your private.pem file. The path to your key should be C:\Program Files\Tableau\Tableau Server\SAML\private.pem.
  8. In the SAML IdP metadata file field, enter the path to or browse for your JumpCloud metadata file. The path to your metadata file should look like C:\Program Files\Tableau\Tableau Server\SAML\metadata.xml.
  9. Stop all Tableau Server processes before selecting OK to save your configuration.
  10. Start all Tableau Server processes.

Validate SSO authentication workflows

IdP Initiated

  • Access the JumpCloud User Console at https://console.jumpcloud.com.
  • Select on the Tableau Server icon. This should automatically launch and login to the application.

SP Initiated

  • Navigate to your Tableau Server URL.
  • If necessary, log into the JumpCloud user console as the appropriate user. This should automatically launch and login to the application.
 

Last Updated: May 15, 2019 11:01AM MDT

Related Articles
desk-forwarding@jumpcloud.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete