Using SSO on Tableau Server

This article describes how you can use Single Sign On (SSO) from Metric Insights to Tableau Server. The procedure includes the following steps:

  1. Configure Tableau Server for this functionality
  2. In Metric Insights choose to use SSO for Tableau.

In Tableau Server you will configure Trusted Authentication. The steps for doing this are covered in this article. Trusted authentication simply means that you have set up a trusted relationship between Tableau Server and the Metric Insights. When Tableau Server receives requests from Metric Insights, Tableau assumes the credentials of the Metric Insights user.

For more detailed information on Trusted Authentication in Tableau Server, refer to the Tableau Server Administration Guide.

1. Username is the same on Metric Insights and Tableau Server

To use SSO, each username created on Metric Insights must have an identical username in Tableau Server. For example, if you sign in with username 'admin' in Metric Insights, then to be able to SSO to Tableau server you must also have the username 'admin' in Tableau server. This is true for all usernames that you want to have SSO ability for.

If your username in Metric Insights does not have an identical username in Tableau server, then you do not get SSO to Tableau for this user.

1.1. Find IP address of Metric Insights instance

You only need to do this for versions of Tableau server 8.0 and prior. For Tableau server 8.1 and beyond, you can use the fully qualified domain name of the Metric Insights instance.

For example, one way to find is from the following:

root@demo:~# ifconfig
eth0      Link encap:Ethernet  HWaddr   
          inet addr:10.146.246.13
root@sandbox:~# ifconfig
eth0      Link encap:Ethernet  HWaddr   
          inet addr:10.192.61.233

 

1.2. Configure Tableau Server for trusted authentication

Use Tableau Server command line utilities to add Metric Insights IP address (or fully qualified domain name for Tableau server 8.1 and beyond) to list of trusted sites.

Using Metric Insights IP address:

D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat set wgserver.trusted_hosts "10.146.246.13, 10.192.61.233"
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat config
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat restart

Using Metric Insights fully qualified domain name:

D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat set wgserver.trusted_hosts "mi-dev.mycompany.com, mi-prod.mycompany.com"
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat config
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat restart

 

1.3. Verify trusted authentication from Metric Insights for the user

From Metric Insights server run a command line utility to confirm trusted authentication to Tableau server. Use a username that exists on Tableau server. For example, 'admin'

curl  -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
curl -3 -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
curl -ssl -k -dusername=admin https://tableau-test.metricinsights.com/trusted/

In the curl request, supply the username (e.g., 'admin') and the url of Tableau server (e.g., https://tableau-test.metricinsights.com/trusted/). Any of the above curl request arguments should work.

The above curl request returns -1 from Tableau server if not trusted, and returns non-negative ticket value if trusted. For example,

Not trusted:

root@sandbox:~# curl -3 -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
-1 

Trusted:

root@sandbox:~# curl -3 -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
Co_GwPDEfUzAuj1mDO2MH-FE

 

2. Configure Metric Insights for Tableau SSO

The following steps show how to configure Metric Insights for SSO to Tableau Server

2.1. Add External Report Type for Tableau SSO

  • Add External Report Type for Tableau SSO at Admin > Advanced > External Report Types.
  • Alternatively, you can do this while creating a new External Report (the procedure is described below and shown at the picture above):
    1. In the Report Type field choose Add New Report Type from the drop-down list or click a Plus button.
    2. Then choose Tableau Single-Sign in the Drill-Down Authentication field. For more details on creating Report Types refer to: Create a new External Report Type

NOTE: If you already have an existing External Report Type defined for Tableau, you can enable SSO authentication for all reports associated with this type by modifying the Drill Down Authentication setting.

0 Comments

Add your comment

E-Mail me when someone replies to this comment