Extend Access to Embedded Tableau Content with On-Demand Access

Streamline user provisioning and maintenance by letting your application take the lead with on-demand access.
Matt Longieliere

When you embed Tableau in your application, you can have a wide range of users, all with different needs and permissions to content. As your business and application grow, the amount of work required to provision and manage users grows with it. And if you’re already maintaining users within your application, you might duplicate work and effort to do it in Tableau, too. While you could automate some of this work using the Tableau REST API, there can still be a lag time between updates in your application and getting those changes reflected in Tableau. 

But now, with on-demand access, there’s a better way for Embedded Analytics Usage-Based Licensing customers to scale their user base while controlling for the amount of work required to add and manage users in Tableau. On-demand access makes it possible for your organization to truly reach an unlimited number of Viewers, without being constrained by the effort needed to manage users in Tableau.

How Does On-Demand Access Work? 

On-demand access uses Connected Apps and group-level permissions to authenticate users without creating accounts in Tableau. Your application creates a JSON Web Token (JWT) to authenticate the user, which Tableau honors with the group memberships you send in the JWT. If your organization already uses Connected Apps, you just need to enable on-demand access for the relevant groups and add two claims to the JWT: “https://tableau.com/oda” and “https://tableau.com/groups". The “https://tableau.com/oda” claim enables the on-demand access capability, while the “https://tableau.com/groups” claim identifies which groups the user belongs to in Tableau Cloud.

This allows your application to take the lead and assert users and their group memberships through Connected Apps as they access content. Now, you no longer have to provision users ahead of time or maintain their accounts in Tableau. Instead, you can leverage the work you’ve already done for your application.

A diagram depicts how Connected Apps facilitates communication between Tableau, an external application, and a webpage.

Connected Apps with Direct Trust creates a trust relationship between your Tableau Cloud site and external application. Connected Apps can also be configured with OAuth Trust 2.0

Boost Productivity with Streamlined Permissions

When you update group memberships or add users, you no longer need to worry about synchronizing those with Tableau. With on-demand access, Tableau Cloud will accept the group memberships that your application sends with each access request so it always works off the latest information. 

On-demand access uses group-level permissions. Setting these up still requires some work, but instead of updating membership in two places, you can make the updates in just your application and have those changes reflected in Tableau instantly. Now, you can maintain a single source of truth for users’ identities, roles, and privileges in your application–this means no synchronization jobs for you to build and monitor.

The allow on-demand access checkbox is used to enable the capability for a group.

Enhance Security with User-Attribute Functions

Since on-demand access uses Connected Apps, you can trust that you’re providing a secure authentication experience. Connected Apps uses JWTs to transfer information between your application and Tableau Cloud securely. On top of that, on-demand access users and their group memberships aren’t retained past the session to keep your organization in compliance with user information storage. However, you will still be able to monitor specific events, such as access view and login, using the Activity Log for auditing.

On-demand access keeps your data secure by ensuring consistent and up-to-date group memberships across your application and Tableau Cloud. To further enhance security, you can use User Attribute Functions. With user attribute functions, you can pass user attributes in the JWT at runtime to determine what data to display for each user. This gives you more granular control over data access policies. 

Want To Learn More?

Learn how Tableau Embedded Analytics can open new opportunities and transform your business. 

On-demand access is just one of the innovations we’ve released for Tableau Embedded Analytics. We also recently released the Tableau Embedding Playground, making developing custom code to embed Tableau in your application easier. You can learn about the rest of the new capabilities coming to Tableau in our 2023.3 release here.

관련 스토리

Einstein Copilot for Tableau Who is it For
Einstein Copilot for Tableau

Who is Einstein Copilot for Tableau for?

April Doud 2024/04/10
How your analytics AI assistant builds skills while uncovering insights.
Tableau Data Connect
Tableau Cloud

Securely Access and Analyze All of Your Data with Data Connect for Tableau Cloud

Sanjeev Verma 2024/04/03
Data Connect is a solution that allows for seamless data access across on-premises and cloud environments. With this streamlined and remotely operated solution, you can securely access and analyze all of your data no matter where it is.
Explanation and workflow how does Einstein Trust Layer work in Einstein Copilot for Tableau
Einstein Copilot for Tableau

How Can I Trust Einstein Copilot for Tableau?

Honto Ming 2024/04/02
Learn how Einstein Copilot for Tableau is built on top of the Einstein Trust Layer and inherits all of its security, governance, and Trust capabilities for AI-powered analytics.