IMCAFS

Home

saml requirements for tablet online

Posted by millikan at 2020-07-25
all

Before establishing SAML on tableeau online, check what you need to meet.

Requirements for establishing ID provider (IDP) of tableau

SAML compatibility references and requirements

Using SAML SSO in tablet applications

Impact of authentication type change on Tablo Bridge

XML data requirements

Requirements for establishing ID provider (IDP) of tableau

In order to use SAML, you need to set up tablet online.

Administrator access to the tableeau online site. You must visit the tableeau online website in order to use SAML.

Use SSO to access the user list of tablo online. You must collect user email addresses that allow sign on solutions for tableeau online.

IDP accounts supporting SAML 2.0. The account number of the external ID provider is required. Several examples are pingfederation siteminder and open am IDP needs to support SAML 2.0, and you need administrator access to the account.

IDP provider supporting XML metadata import and export. Although manually generated files can be started, tableau technical support does not provide support for file generation or related issues.

Administrator access to the tableeau online site. You must visit the tableeau online website in order to use SAML.

Use SSO to access the user list of tablo online. You must collect user email addresses that allow sign on solutions for tableeau online.

IDP accounts supporting SAML 2.0. The account number of the external ID provider is required. Several examples are pingfederation siteminder and open am IDP needs to support SAML 2.0, and you need administrator access to the account.

IDP provider supporting XML metadata import and export. Although manually generated files can be started, tableau technical support does not provide support for file generation or related issues.

Important: along with these requirements, it's better to use a dedicated website manager account that is often composed of tableuid authentication. If SAML or IDP related problems occur, you can visit the website frequently with a dedicated tablet account.

SAML compatibility references and requirements

SP or IDP initialization: tableau online supports SAML authentication initiated by IDP (ID provider) or SP (service provider).

Cannot use Kerberos: tableeau online does not support SAML and Kerberos at the same time.

Tabcmd and rest API: tabcmd or rest API. Users need to log in to tableau online with a tablet account.

Tableau bridge needs to be reconstructed: tableau bridge supports SAML authentication, but if you want to change authentication, you need to reconstruct the bridge client. For details, please refer to the impact of certification type change on flat slab bridges.

SP or IDP initialization: tableau online supports SAML authentication initiated by IDP (ID provider) or SP (service provider).

Cannot use Kerberos: tableeau online does not support SAML and Kerberos at the same time.

Tabcmd and rest API: tabcmd or rest API. Users need to log in to tableau online with a tablet account.

Tableau bridge needs to be reconstructed: tableau bridge supports SAML authentication, but if you want to change authentication, you need to reconstruct the bridge client. For details, please refer to the impact of certification type change on flat slab bridges.

Using SAML SSO in tablet applications

Tableeau desktop or tableau mobile applications can also log on to the website if a tableeau online user has SAML certification. For maximum compatibility, the version of the tableeau client application must be consistent with the version of tableeau online.

When tableeau desktop or tableau mobile connects to tableeau online, the connection started by the service provider is used.

Again flat Eau client

When a user logs in to tableeau online, tableeau online sends an SAML request (authnrequest) to IDP, which contains the relaystate value of the tableau application. When a user logs in to tableau online on a tableeau client such as tableeau desktop or tableau mobile, the relaystate value must be returned from the IDP SAML response to tableeau.

AuthnRequest AuthnRequest

In this scenario, if the price of relaystate is not returned reasonably, it is not printed through the application that the user logs in, but moves from the browser to the user's tableeau online home page.

Work with the ID provider and internal it to verify that the IDP SAML response contains this value.

Impact of authentication type change on Tablo Bridge

In order to change the authentication type of the website, the publisher who uses tableeau bridge should disconnect the bridge client and use a new method to authenticate again.

To disconnect the bridge client, all data sources will be deleted, and users need to reset all refresh schedules. In the bridge live query or refresh (such as database query or refresh of cloud basic data) directly run by tableeau online website, even if the authentication type is changed, it will not affect.

Before changing the authentication type, it is better to inform bridge users of the changes in website authentication. Otherwise, when an authentication error is displayed in the bridge client or an empty data source area is opened, the authentication type changes.

XML data requirements

The XML metadata files generated by tableeau online and IDP are used to construct SAML. IDP and tableau online use these XML documents to exchange authentication information during the authentication process. If XML does not meet these requirements, errors can occur when composing SAML or when a user attempts to log in.