Tableau’s Plans for Partitioned Cookie Support
Tableau is committed to supporting all our customers and products and staying on top of new developments in the Internet landscape. Google, and other browser makers like Mozilla and Microsoft, plan to change how third-party cookies function in their applications by Q3 2024. This change entails replacing third-party cookie usage patterns by web browsers with a new partitioned cookie type, requiring websites and SaaS providers like Tableau to change to the new cookie standard.
Tableau is actively addressing these changes by updating all affected browser cookies in our products and delivering new features such as Connected Apps authentication and Custom Domains to ensure a seamless experience for our customers. However, if your organization embeds Tableau content, you may need to make some updates before the browser makers deprecate third-party cookies in Q3 2024.
Impact for Tableau Customers
Tableau Cloud and Server utilize browser cookies for product functionality like maintaining authenticated user sessions. Tableau is working to ensure all of the cookies we own will not be affected by the upcoming change by switching to the new partitioned cookies standard.
With the current partitioned cookie design proposed by Google, iframe-based implementations of Embedded Tableau that use Identity Provider (IDP) authentication, or seamless authentication via OpenID Connect (OIDC) and Security Assertion Markup Language (SAML), will also be impacted by Q3 2024. Customers embedding via iframes and using these authentication methods should plan on migrating to other token-based authentication methods like Connected Apps. Using Connected Apps authentication requires updating your implementations to use the Embedding v3 API if you haven’t already done so.
For Tableau Mobile users on Android devices, you will need to update to the latest Tableau Mobile version and ensure that your devices are running Android System WebView version 115+. Older versions of Tableau Mobile may encounter authentication and login issues later this year, around Q3 2023, when we roll out our partitioned cookie changes to Tableau Cloud and Tableau Server ahead of Google’s update.
Google Chrome users should update to the latest available version of the web browser. Specifically, Chrome versions 104-114 may encounter authentication and login issues when Tableau makes its cookie updates later this year in Q3 2023. Chrome generally automatically updates itself, but there are situations where the application may not do so.
Tableau’s Plan and Next Steps
Future Tableau Cloud, Server, and Desktop releases will support the new partitioned cookie standard ahead of Google’s planned rollout of its CHIPS initiative. Their current target for entirely deprecating third-party cookies is Q3 2024, but this is subject to change, and Google may move this date out as they’ve done previously. Other browsers like Mozilla Firefox will follow Google’s lead.
We will keep customers posted on future developments. Tableau will let you know once our products have been updated for partitioned cookie support and if Google and other browser makers confirm or change their date for switching to partitioned cookies and deprecating third-party cookies. Customers may also see updates about partitioned cookies via in-product messaging, banners, and emails.
In addition to supporting partitioned cookies in our products, Tableau is also working on a new Custom Domains feature that will allow Cloud customers to specify a proxy URL domain for their Cloud site instance. This provides a better-branded experience for end-users and eliminates the need for setting third-party cookies in Embedded Analytics scenarios. Custom Domains is in active development and will be released soon.
For any Embedded Analytics deployments, please use Connected Apps authentication and the Embedding API v3. If you are using any of the following methods to authenticate your embedded Tableau Dashboards, you will need to migrate to supported authentication methods like Connected Apps:
- Seamless SSO for iframe Embedded content via SAML or OIDC
- Embedded iframe authentication via IDPs (Okta, etc)
Please reach out to your Account Executive and Customer Success Manager to evaluate your current implementation, walk through alternative authentication methods, and draft a migration plan for using that new authentication.