SAML 2.0 Configuration for Tableau Online

The 10Duke Identity Bridge (IdB) works as a Single Sign-On (SSO) bridge between Consumer applications and an Identity Provider (IdP). In this case Tableau Online is the Consumer application and the 10Duke Identity Bridge is configured as the trusted Identity Provider. A pre-requisite is that the 10Duke Identity Bridge is also configured to trust the IdP your organisation is using.

The below steps describe a default configuration that is compatible with the default setup in the 10Duke Identity Bridge Console configuration. Other configuration options are available if you require a different setup.

By completing the steps below, your users will be able to access Tableau Online from a single click through from the portal provided through the 10Duke Identity Bridge. This process of logging into Tableau Online or other cloud apps from a login portal provided is known as IDP-Initiated SAML.

Before configuring SAML Settings for Single Sign-On for Tableau Online please make sure that:

  1. You have configured your identity provider in the 10Duke Identity Bridge Console (instructions available here)

  2. You have already started configuring Tableau Online as a consumer application in the 10Duke Identity Bridge Console (instructions available here)

The following steps contain instructions for configuring SAML 2.0 for Tableau Online.

When you configure SAML for Tableau Online, users with SAML credentials can also sign into Tableau Online from Tableau Desktop. To connect with site-specific SAML, you must run Tableau Desktop 10.0 or later. If you connect to Tableau Online from Tableau Desktop or Tableau Mobile, it is a service provider initiated connection.

  1. Log in to your Tableau Online site as a site administrator, and select Settings > Authentication.

  2. On the Authentication tab, select Enable an additional authentication method > SAML.

  3. Click on Edit Connection and follow the steps below to use SAML for single sign-on:

    1. Export metadata from Tableau Online. Download certificate

    2. External Step: Enter metadata in 10Duke Identity Bridge Console when configuring Tableau Online as a consumer application

    3. External Step: Export metadata from your Identity Provider (IdP).

      • Sign into the 10Duke Identity Bridge Console to generate this value
    4. Import metadata file into Tableau Online

      1. IdP metadata file
        • Sign into the 10Duke Identity Bridge Console to generate this value
      2. IdP entity ID
        • Sign into the 10Duke Identity Bridge Console to generate this value
      3. SSO Service URL
        • Sign into the 10Duke Identity Bridge Console to generate this value
    5. Match attributes - set the values in the IdP Assertion Name column as follows:

      • Email: Email
      • Select the First name, Last name radio button.
      • First name: FirstName
      • Last name: LastName

    6. Embedding options - Select "Authenticate in a separate pop-up window"

    7. Troubleshooting single sign-on (SSO) - For further information about resolving issues that can occur when you configure SAML authentication go to Troubleshoot SAML page on the Tableau website