Okta

How to Configure SAML 2.0 for Tableau Online

Contents

Supported Features

The Okta/Tableau Online SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Sign into Tableau Online as a Site Administrator.

  2. Navigate to Settings > Authentication, check Enable an additional authentication method option, select SAML, then click Edit Connection:

    Navigate to Settings > Authentication, check Enable an additional authentication method option, select SAML, and then click Edit Connection

  3. Enter the following information:

    • For # 1: Export metadata from Tableau Online

      • Export metadata: Click on this button to download your Tableau Online metadata. Once downloaded, open the file and copy your SingleLogoutService Location (this is your Single Logout URL). It should be similar to the tag below (copy the bolded part):

        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.online.tableau.com/public/sp/SLO?alias=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"/>

      • Tableau Online entity ID: Make a copy of the this value.

      • Assertion Consumer Service URL (ACS): Make a copy of the this value.

      • Download Certificate: Click Download certificate to download your Tableau Online certificate.

    • For # 4: Import metadata file into Tableau Online

      • IdP metadata file: Download, then upload the following metadata file, then click Apply:

        Sign into the Okta Admin dashboard to generate this value.

      Copy Entity ID and ACS values, enter IdP Metadata file

    • For # 5: Match attributes

      • Email: Type email.

      • First name: Type firstname.

      • Last name: Type lastname.

      • Click Apply:

      Match Attributes

  4. Go to the Users tab, select a user, then select Actions > Authentication:

    Go to the Users, select a user, then select Actions > Authentication:

  5. Select okta.com (SAML) as the Authentication, then click Update:

    Select okta.com (SAML) as the Authentication, then click Update:

  6. In Okta, select the Sign On tab for the Tableau Online SAML app, then click Edit:

    • Check Enable Single Logout.

    • Click Browse to select the Tableau Online certificate you downloaded in step 3.

    • Click Upload.

    • Enter the Tableau Online entity ID, Assertion Consumer Service URL (ACS), and Single Logout URLvalues you made a copy of in step 3 into the corresponding fields.

    • Click Save:

    Upload the Tableau certificate, en the Assertion Consumer Service URL (ACS), Tableau Online entity ID, and Single Logout URL values into Okta

  7. Done!

Notes

The following SAML attributes are supported:


SP-initiated SSO

  1. Go to your Tableau Online URL.

  2. Enter your email:

    Go to your Tableau Online URL, enter your email

  3. Click Sign In:

    Click Sign In