This post is part of our series covering tips, tricks, and ideas in Tableau Online, our cloud collaboration and sharing platform.
If you’re a site administrator, choosing the best authentication method for your organization requires you balance competing priorities:
- Are your users happy entering their own login credentials, or are they expecting a more seamless experience?
- Do you have IT-based policies around password complexity and change frequency?
- How do you satisfy both end users and IT departments?
Never fear, SAML is here. Or more precisely, Active Directory Federation Services (ADFS) leveraging SAML is here.
ADFS allows cloud-based services to employ Active Directory (AD) single sign-on (SSO), which is a common service used for authentication behind company firewalls. ADFS does this by integrating with SAML, which is an authentication standard currently available in Tableau Online.
A word to the wise: We’re about to dive deep into the bowels of your Tableau Online account. Now’s the time to pull out your site administrator credentials and fire up your Active Directory admin account.
Here’s what our authentication flow will look like. (Note that, in this example, the Identity Provider (IdP) is ADFS. However, Tableau Online also integrates with other SAML IdP providers like OneLogin and Okta. These services also have methods for federating user authentication to AD.)
- Navigate to the Tableau Online sign-in page or a published workbook, and enter your user name.
- Tableau Online starts the authentication process and redirects the request to the registered IdP.
- The IdP requests your password and, after confirming that the user name you’ve submitted is identical to the user name stored in the IdP assertions, authenticates the user.
- The IdP returns a SAML success response to Tableau Online.
- Tableau Online displays the page you requested in step 1.
Authentication in this setup is performed by Active Directory, which is also used for many local authentication tasks. Once set up with Tableau Online, your end-users will use their regular AD credentials to log in to Tableau Online—the same credentials they use to log into their desktop computers.
It’s a win-win situation. There’s no need for users to remember yet another password. And your IT team won’t need to manage an additional set of user credentials. Plus you can sleep soundly knowing your AD user credentials already comply with corporate policies.
Isn’t it great making everyone happy?