Using Trusted Auth on Tableau Server

This article describes how you can use Trusted Auth from Metric Insights to Tableau Server. The procedure includes the following steps:

  1. Configure Tableau Server for this functionality
  2. Configure Metric Insights for Tableau Trusted Auth

In Tableau Server you will configure Trusted Authentication. The steps for doing this are covered in this article. Trusted authentication simply means that you have set up a trusted relationship between Tableau Server and the Metric Insights. When Tableau Server receives requests from Metric Insights, Tableau assumes the credentials of the Metric Insights user.

For more detailed information on Trusted Authentication in Tableau Server, refer to the Tableau Server Administration Guide.

If the Trusted Authentication is set up at your Tableau server, you should define your Metric Insights instance's IP or Host name as "trusted".

Follow the link to get step-by-step instructions on how to do it.

1. Configure Tableau Server for Trusted Auth

To use Tableau Trusted Auth, each Username created on Metric Insights must have an identical Username in Tableau Server. For example, if you sign in with Username 'Mary Jane' in Metric Insights, then to be able to sign on to Tableau server you must also have the Username 'Mary Jane' in Tableau server.

1.1. Find IP Address of Metric Insights Instance (for Tableau Server v8.0 and prior)

For Tableau server 8.1 and beyond, you can use the fully qualified domain name of the Metric Insights instance.

For example, one way to find is from the following:

root@demo:~# ifconfig
eth0      Link encap:Ethernet  HWaddr   
          inet addr:10.146.246.13
root@sandbox:~# ifconfig
eth0      Link encap:Ethernet  HWaddr   
          inet addr:10.192.61.233

 

1.2. Configure Tableau Server for Trusted Authentication

Starting Version 2018.2+ Tableau Server on Windows includes Tableau Services Manager (TSM), which replaces the Configuration Utility and the command line tool. 

1.2.1. Tableau Version 2018.2+ (via Tableau Services Manager)

PREREQUISITES

Sign in to Tableau Services Manager Web UI

Having signed in to Tableau Services Manager:

  1. Click [User Identity & Access] on the Configuration tab
  2. Under Trusted Authentication, for each trusted host, enter the hostname or IP address and then click [Add]
    • Optionally, specify Token Length value
  3. Save Pending Changes
  4. Click [Pending Changes] that appears at the top of the page
  5. Apply Changes and Restart
1.2.2. Prior to Tableau Version 2018.2 (via command line tool)

Use Tableau Server command line utilities to add Metric Insights IP address (or fully qualified domain name for Tableau server 8.1 and beyond) to the list of trusted sites.

Using Metric Insights IP address:

D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat set wgserver.trusted_hosts "10.146.246.13, 10.192.61.233"
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat config
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat restart

Using Metric Insights fully qualified domain name:

D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat set wgserver.trusted_hosts "mi-dev.mycompany.com, mi-prod.mycompany.com"
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat config
D:\Tableau\Tableau Server\10.1\bin> .\tabadmin.bat restart

 

1.3. Verify Trusted Auth from Metric Insights for the User

From Metric Insights server, run a command line utility to confirm trusted authentication to Tableau server. Use a username that exists on Tableau server. For example, 'admin'

curl  -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
curl -3 -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
curl -ssl -k -dusername=admin https://tableau-test.metricinsights.com/trusted/

In the curl request, supply the username (e.g., 'admin') and the url of Tableau server (e.g., https://tableau-test.metricinsights.com/trusted/). Any of the above curl request arguments should work.

The above curl request returns -1 from Tableau server if not trusted, and returns non-negative ticket value if trusted. For example,

Not trusted:

root@sandbox:~# curl -3 -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
-1

Trusted:

root@sandbox:~# curl -3 -k -dusername=admin https://tableau-test.metricinsights.com/trusted/
Co_GwPDEfUzAuj1mDO2MH-FE

 

1.4. Enable Variable ALLOW_TRUSTED_SERVER_USERNAME_OVERRIDE

Assign the "Y" Value to the ALLOW_TRUSTED_SERVER_USERNAME_OVERRIDE variable to let MI Users be mapped to licensed Tableau Users.

1.5. Specify Username to Be Used for Trusted Server Sign-on

1.6. Configure Plugin Connection Profile Parameters

Access Admin>Data Sources

  1. Set "trusted" for Auth Method

NOTE: This must be a service account. The service account is needed for collecting data and metadata. As an individual user, Trusted Auth needs to be used for collecting images.

2. Configure Metric Insights for Tableau Trusted Auth

The following steps show how to configure Metric Insights for Trusted Auth

2.1. Add External Report Type for Tableau Trusted Auth

Access Admin>Advanced>External Report Types

  1. In the Report Type field choose Add New Report Type from the drop-down list.
  2. Then choose Tableau Single-Sign in the Drill-Down Authentication field.

NOTE: If you already have an existing External Report Type defined for Tableau, you can enable authentication for all reports associated with this type by modifying the Drill Down Authentication setting to Tableau Single-Sign.

Alternatively, you can do this while creating a new External Report (the procedure is described Create a new External Report Type)