Академический Документы
Профессиональный Документы
Культура Документы
Configuring
Configuring Tableau Online
The following is an overview of the steps required to configure the Tableau Online
application for single sign-on (SSO) via SAML. Tableau Online offers both IdP-initiated
SAML SSO (for SSO access through the user portal or Centrify mobile applications) and
SP-initiated SAML SSO (for SSO access directly through the Tableau Online web
application). You can configure Tableau Online for either or both types of SSO. Enabling
both methods ensures that users can log in to Tableau Online in different situations such as
clicking through a notification email.
1 Prepare for Tableau Online single sign-on (see "Tableau Online
application settings.
Once the application settings are configured, complete the user account mapping and
assign the application to one or more roles. For details, see "Configuring Tableau Online
in Cloud Manager" on page 128-12.
3 Configure the Tableau Online application for single sign-on.
To configure Tableau Online for SSO, copy settings from the Application Settings page
in the Centrify Cloud Manager, and paste them into fields on the Tableau Online website.
For details, see "Configuring Tableau Online on its web site" on page 128-16.
After you are done configuring the application settings in the Cloud Manager and the
Tableau Online application, users are ready to launch the application from the Centrify
user portal.
A signed certificate.
You can either download one from Cloud Manager or use your organizations trusted
certificate.
Capability
Supported?
Yes
Mobile client
No
SAML 2.0
Yes
SP-initiated SSO
Yes
IdP-initiated SSO
Yes
Yes
Support details
10
Capability
Supported?
No
Yes
Support details
No
Yes
Self-service password
No
Yes
11
The application that you just added opens to the Application Settings page.
7 Configure the following:
Field
Required or
optional
Set it to
What you do
Required
Required
12
Field
Required or
optional
Set it to
What you do
Required
Required
8 On the Application Settings page, expand the Additional Options section and
Description
Application ID
Configure this field if you are deploying a mobile application that uses
the Centrify mobile SDK, for example mobile applications that are
deployed into a Samsung KNOX version 1 container. The cloud service
uses the Application ID to provide single sign-on to mobile applications.
Note the following:
The Application ID has to be the same as the text string that is
specified as the target in the code of the mobile application written
using the mobile SDK. If you change the name of the web application
that corresponds to the mobile application, you need to enter the
original application name in the Application ID field.
There can only be one SAML application deployed with the name used
by the mobile application.
The Application ID is case-sensitive and can be any combination of
letters, numbers, spaces, and special characters up to 256 characters.
13
Option
Description
Select Show in User app list to display this web application in the user
portal. (This option is selected by default.)
If this web application is added only to provide SAML for a corresponding
mobile app, deselect this option so the web application wont display for
users in the user portal.
Security Certificate
These settings specify the security certificate used for secure SSO
authentication between the cloud service and the web application.
Select an option to change the security certificate.
Use existing certificate displays beneath it the certificate currently in
use. The Download button below the certificate name downloads the
current certificate through your web browser to your computer so you
can supply the certificate to the web application during SSO
configuration. Its not necessary to select this optionits present to
display current status.
Use the default tenant signing certificate selects the cloud service
standard certificate for use. This is the default setting.
Use a certificate with a private key (pfx file) from your local storage
selects any certificate you want to supply, typically your organizations
own certificate. To use this selection, you must click Browse to upload
an archive file (.p12 or .pfx extension) that contains the certificate
along with its private key. If the file has a password, you must enter it
when prompted.
9 (Optional) On the Description page, you can change the name, description, and logo
for the application. For some applications, the name cannot be modified.
The Category field specifies the default grouping for the application in the user portal.
Users have the option to create a tag that overrides the default grouping in the user portal.
10 On the User Access page, select the role(s) that represent the users and groups that have
14
12 On the Account Mapping page, configure how the login information is mapped to the
The above script instructs the cloud service to set the login user name to the users mail
attribute value in Active Directory and add .ad to the end. So, if the users mail
attribute value is Adele.Darwin@acme.com then the cloud service uses
Adele.Darwin@acme.com.ad. For more information about writing a script to map
user accounts, see the SAML application scripting guide.
13 (Optional) On the Advanced page, you can edit the script that generates the SAML
assertion, if needed. In most cases, you dont need to edit this script. For more
information, see the SAML application scripting guide.
On the Changelog page, you can see recent changes that have been made to the
application settings, by date, user, and the type of change that was made.
Note
14 Click Workflow to set up a request and approval work flow for this application.
The Workflow feature is a premium feature and is available only in the Centrify Identity
Service App+ Edition. See Configuring Workflow for more information.
15 Click Save.
After configuring the application settings (including the role assignment) and the
applications web site, youre ready for users to launch the application from the user
portal.
15
account credentials:
https://auth.tableausoftware.com/user/login
2 Select the site you want to configure for SSO and then select Settings >
Authentication.
3 On the Authentication page, select Single sign-on with SAML.
4 Import metadata from the Identity Provider, then click Apply.
5 Click Test Login. Tableau Onlines SSO User Details page appears in a new browser
Note
Note
Centrify recommends having at least one Server or Site Administrator account that
does not use SSO for authentication due to the risk of lockout. If all administrators are
locked out, you can contact Tableau Online Support to either disable SAML or change
one of your administrator users to use the Tableau Online ID authentication method.
Note
9 Click Save and Enable to save the configuration and enable single sign-on.
16