IMCAFS

Home

saml requirements for tablet online

Posted by tzul at 2020-10-31
all

Before creating SAML on tableeau online, check the items you need to meet.

Setting up ID provider (IDP) requirements for tableau

SAML compatibility reference and requirements

Using SAML SSO in tablet applications

The influence of the change of authentication type on Tablo Bridge

XML data requirements

Setting up ID provider (IDP) requirements for tableau

To use SAML, tablet online needs to be established.

Administrator rights to access the tableeau online website. You must visit the tableeau online website in order to use SAML.

Use SSO to access the list of users on tablo online. You must collect the user email address that allows the sign on solution of tableau online.

Supports IDP accounts for SAML 2.0. An account number for an external ID provider is required. There are several examples of pingfeed siteminder and open am IDP needs to support SAML 2.0, and you need administrator access to the account.

IDP provider that supports XML metadata import and export. Although manually generated files can be started, tableau technical support does not provide support for file generation or solution of related problems.

Administrator rights to access the tableeau online website. You must visit the tableeau online website in order to use SAML.

Use SSO to access the list of users on tablo online. You must collect the user email address that allows the sign on solution of tableau online.

Supports IDP accounts for SAML 2.0. An account number for an external ID provider is required. There are several examples of pingfeed siteminder and open am IDP needs to support SAML 2.0, and you need administrator access to the account.

IDP provider that supports XML metadata import and export. Although manually generated files can be started, tableau technical support does not provide support for file generation or solution of related problems.

Important: along with these requirements, it is better to use the account number of the special website manager which is often composed of tableuid authentication. If there is a SAML or IDP related problem, use a dedicated tablet account and you can visit the website frequently.

SAML compatibility reference and requirements

SP or IDP initialization: tableau online supports SAML authentication initiated by IDP (ID provider) or SP (service provider).

Cannot use kerberos:tableeau online to support SAML and Kerberos at the same time.

Tabcmd and rest API: tabcmd or rest API. Users need to log in to tableau online with tablet account.

Tableau bridge needs to be re constructed: tableau bridge supports SAML authentication, but to change authentication, it needs to re-establish bridge client. Please refer to the influence of the change of certification type on the flat slab bridge for details.

SP or IDP initialization: tableau online supports SAML authentication initiated by IDP (ID provider) or SP (service provider).

Cannot use Kerberos: tableeau online does not support SAML and Kerberos at the same time.

Tabcmd and rest API: tabcmd or rest API. Users need to log in to tableau online with a tablet account.

Tableau bridge needs to be reconstructed: tableau bridge supports SAML authentication, but if you want to change authentication, you need to reconstruct the bridge client. For details, please refer to the impact of certification type change on flat slab bridges.

Using SAML SSO in tablet applications

Tableeau desktop or tableau mobile applications can also log on to the website if a tableeau online user has SAML certification. For maximum compatibility, the version of the tableeau client application must be consistent with the version of tableeau online.

When tableeau desktop or tableau mobile connects to tableeau online, the connection started by the service provider is used.

Again flat Eau client

When a user logs in to tableeau online, tableeau online sends an SAML request (authnrequest) to IDP, which contains the relaystate value of the tableau application. When a user logs in to tableau online on a tableeau client such as tableeau desktop or tableau mobile, the relaystate value must be returned from the IDP SAML response to tableeau.

AuthnRequest AuthnRequest

In this scenario, if the price of relaystate is not returned reasonably, it is not printed through the application that the user logs in, but moves from the browser to the user's tableeau online home page.

Work with the ID provider and internal it to verify that the IDP SAML response contains this value.

Impact of authentication type change on Tablo Bridge

In order to change the authentication type of the website, the publisher who uses tableeau bridge should disconnect the bridge client and use a new method to authenticate again.

To disconnect the bridge client, all data sources will be deleted, and users need to reset all refresh schedules. In the bridge live query or refresh (such as database query or refresh of cloud basic data) directly run by tableeau online website, even if the authentication type is changed, it will not affect.

Before changing the authentication type, it is better to inform bridge users of the changes in website authentication. Otherwise, when an authentication error is displayed in the bridge client or an empty data source area is opened, the authentication type changes.

XML data requirements

The XML metadata files generated by tableeau online and IDP are used to construct SAML. IDP and tableau online use these XML documents to exchange authentication information during the authentication process. If XML does not meet these requirements, errors can occur when composing SAML or when a user attempts to log in.