Copyright 2013 Tableau Software, Incorporated and its licensors. All rights reserved. Patents pending.
Single Sign-On with SAML
With Tableau's SAML support, you use an external identity provider (IdP) to authenticate Tableau Server users. All user authentication is done outside of Tableau, regardless of whether you're using Active Directory or local authentication in Tableau Server to manage your user accounts. This allows you to provide a single sign-on experience across all the applications in your organization.

To configure Tableau Server for SAML, you need the following:

Certificate file: A PEM-encoded x509 certificate with the extension .crt.
Certificate key file: An RSA or DSA key file that is not password protected and has a .key file extension.
IdP account: Examples are PingFederate, SiteMinder, and OpenAM.
Matching usernames: Tableau Server usernames and the usernames stored in the IdP must match. Ensure that the username you plan to use for your Tableau Server administrator account exists in your IdP before you run Setup.

1 Specify the Server and Certificates

Run Server Setup. After you configure your general settings in the Configuration utility, click the SAML tab and select Use SAML for single sign-on. In the Tableau Server return URL text box, enter the customer-facing URL for your Tableau Server. Enter this same value for SAML entity ID. Create a SAML folder under C:\Program Files\Tableau\Tableau Server and copy your .crt and .key files there. Enter that location in the next two fields.

2 Export Metadata from Tableau

Leaving the SAML IdP metadata file text box empty, click the Export Metadata File button. In the next dialog box, save the XML file. You will need to provide this file to your IdP in the next step.

3 Export Metadata from the IdP

On the IdP's website, add your Tableau Server as a connection type for the IdP to authenticate. As part of this, you will import the Tableau metadata .xml file you created in step 2, and confirm that your IdP's settings use username as the attribute element to verify. Next, export your IdP's metadata .xml file and copy it to the following folder on your Tableau Server: C:\Program Files\Tableau\Tableau Server\SAML. Use the .xml file name of your choice.

4 Test the SAML Sign-On

On the SAML tab in the Tableau Configuration utility, enter the location to the IdP's file in the SAML IdP metadata file text box. Click OK. Finish Setup, creating an administrator account when prompted. To test your changes, start a fresh web browser session to Tableau Server. You should note that the Sign On prompt is from your IdP and not Tableau.
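
The certificate and key file requirements listed at the start of this guide can be checked before running Setup. The following Python check is an added example, not Tableau code; the function names, the file names and the sample PEM blocks are constructed for illustration, and the PKCS#8 algorithm test is a byte-search heuristic rather than a full ASN.1 parse.

```python
import base64
import re

PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1
DSA_OID = bytes.fromhex("06072a8648ce380401")      # 1.2.840.10040.4.1
# Constructed samples, not real key material: "MAA=" is an empty DER SEQUENCE.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMAA=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              "MAA=\n-----END RSA PRIVATE KEY-----\n")

def pem_blocks(text):
    """Yield (label, headers, der) for every PEM block in text."""
    for label, body in PEM.findall(text):
        lines = [ln.strip() for ln in body.splitlines()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. Proc-Type, DEK-Info
        b64 = "".join(ln for ln in lines if ":" not in ln)
        yield label, headers, base64.b64decode(b64, validate=True)

def key_problem(label, headers, der):
    """Return why a private-key block fails the requirement, or None if it passes."""
    if label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers):
        return "key file is password protected"
    # PKCS#8 carries the algorithm OID near the start of the DER (heuristic, no ASN.1 parse).
    pkcs8_ok = label == "PRIVATE KEY" and (RSA_OID in der[:40] or DSA_OID in der[:40])
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY") or pkcs8_ok:
        return None
    return f"key type {label!r} is not RSA or DSA"

def check_pair(cert_name, cert_text, key_name, key_text):
    """Return a list of problems; an empty list means the pair meets the requirements."""
    problems = []
    for name, ext in ((cert_name, ".crt"), (key_name, ".key")):
        if not name.lower().endswith(ext):
            problems.append(f"{name} needs a {ext} extension")
    try:
        certs = list(pem_blocks(cert_text))
        keys = [b for b in pem_blocks(key_text) if b[0].endswith("PRIVATE KEY")]
    except ValueError as exc:  # PEM body is not valid base64
        return problems + [f"bad PEM body: {exc}"]
    if not any(lbl == "CERTIFICATE" and der[:1] == b"\x30" for lbl, _, der in certs):
        problems.append("certificate file holds no PEM-encoded X.509 certificate")
    if not keys:
        problems.append("key file holds no PEM private key")
    return problems + [p for p in (key_problem(*k) for k in keys) if p]

if __name__ == "__main__":
    print(check_pair("tableau.crt", SAMPLE_CERT, "tableau.key", SAMPLE_KEY))
```

To check real files, pass each file's name and its text content (for example from `pathlib.Path.read_text`) to `check_pair`.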