Before tableasu online forms SAML, please check the required items.

Requirements for ID provider constituted by tableeau

SAML compatibility references and requirements

Using ssso in tableau client applications

Influence of changing authentication type on tableeau Bridge

XML data requirements

Requirements for ID provider constituted by tableeau

The next step is needed to use SAML

• Administrator access to the tableasu online website. To access administrators on the tableeau online website using SAML.

Administrator access to the tableasu online website. To access administrators on the tableeau online website using SAML.

• Use SSO to access the user list of tableeau online. You must collect the e-mail address of the user of your single sign on action for tabline.

Use SSO to access the user list of tableeau online. You must collect the e-mail address of the user of your single sign on action for tabline.

• IDP account supporting SAML 2.0 The account of the external ID provider is required. For example, pingfedread siteminder and open am IDP needs to support SAML 2.0 and have access rights to manage accounts.

IDP account supporting SAML 2.0 The account of the external ID provider is required. For example, pingfedread siteminder and open am IDP needs to support SAML 2.0 and have access rights to manage accounts.

• IDP provider to import XML metadata and export. Manually created files may start, but tableeau technical support does not provide support for file generation or problem solving.

Import XML metadata and the exported IdP provider. Manually created files may start, but tableeau technical support does not provide support for file generation or problem solving.

Administrator access to the tableasu online website. To access administrators on the tableeau online website using SAML.

Use SSO to access the user list of tableeau online. You must collect the e-mail address of the user of your single sign on action for tabline.

IDP account supporting SAML 2.0 The account of the external ID provider is required. For example, pingfedread siteminder and open am IDP needs to support SAML 2.0 and have access rights to manage accounts.

IDP provider to import XML metadata and export. Manually created files may start, but tableeau technical support does not provide support for file generation or problem solving.

Important: at the same time of this requirement, it is best to use a dedicated website certified by tableeauid frequently to manage accounts. If SAML or IDP related problems occur, you can visit the website frequently if you use a dedicated tableauid account.

SAML compatibility references and requirements

• SP or IDP initialization: tableasu online supports the SAML authentication initiated by IDP (ID provider) or SP (service provider).

SP or IDP initialization: tableasu online supports the SAML authentication initiated by IDP (ID provider) or SP (service provider).

• Cannot use Kerberos: tableeau online does not support SAML and Kerberos at the same time.

Cannot use Kerberos: tableeau online does not support SAML and Kerberos at the same time.

• To use tabcmd and rest API: tabcmd or rest API, you need to use tableeauid account to log in to tableeau online.

To use tabcmd and rest API: tabcmd or rest API, you need to use tableeauid account to log in to tableeau online.

• Tableau bridge needs to be reconstructed: tableau bridge supports SAML authentication, but it needs to be reconstructed if the bridge client is to be changed. For details, please refer to the impact of certification type change on tableau bridge.

Tableau bridge needs to be reconstructed: tableau bridge supports SAML authentication, but it needs to be reconstructed if the bridge client is to be changed. For details, please refer to the impact of certification type change on tableau bridge.

SP or IDP initialization: tableasu online supports the SAML authentication initiated by IDP (ID provider) or SP (service provider).

Cannot use Kerberos: tableeau online does not support SAML and Kerberos at the same time.

To use tabcmd and rest API: tabcmd or rest API, you need to use tableeauid account to log in to tableeau online.

Tableau bridge needs to be reconstructed: tableau bridge supports SAML authentication, but it needs to be reconstructed if the bridge client is to be changed. For details, please refer to the impact of certification type change on tableau bridge.

Using ssso in tableau client applications

If users of tableasu online have SAML qualification certificate, they can also log in to tableu desktop or tableau mobile application website. For best compatibility, be consistent with the tableau client application version, tableasu online version.

When tableau desktop or tableau mobile connects to tableau online, the connection initiated by the service provider is used.

Restart the authenticated user tableasu client

When users log in to tableasu online, tableau online will send SAML request (authnrequest) on IDP, which contains the relaystate value of tableau application. When a user logs in to a tableau client like tableasu desktop or tableau mobile and logs in to tableasu online, the SAML of IDP should return the relaystate value.

AuthnRequest AuthnRequest

If the price of relaystate in this script is returned unreasonably, it will be transferred to the user's login application, not in the web browser, but on the user's tableau online home page.

Work with ID provider and internal it to confirm whether the response of IDP SAML contains this value.

Influence of changing authentication type on tableeau Bridge

If you change the authentication type of the website, in the scheduled extractor, the post using tableau bridge will disconnect the bridge client and use the new method to recertify.

If the bridge client is disconnected, all data sources will be deleted and the user must reset all new changes. The bridge live quota or new creation (such as live or update of the clowd basic data) running directly on the tableau online website will also not affect the authentication type.

Before changing the authentication type, it is best to tell bridge users about the changes to the website authentication. If not, an authentication error is displayed in the bridge client or the authentication type is changed when an empty data source is opened.

XML data requirements

SAML is composed of XML metadata files created by tableasu online and IDP. During the authentication process, IDP and tableau online use this XML document to exchange authentication information. If XML does not meet these requirements, an error will occur during SAML composition or when a user attempts to log in.