Tableau Online auth with SAML on Azure AD

If you are using Tableau Online and want to configure authentication to use SAML in Azure AD, then you are in the right place.
To start configuring Tableau Online, log on to your site at https://online.tableau.com

1. Go to Settings / Authentication; under Authentication types, select Edit Connection

2. Select Export metadata and save the XML file to your desktop and name it Tableau_Online_SAML.xml

Microsoft Azure
3. Log in to your Azure portal and navigate to Azure Active Directory / Enterprise Applications.

4. Select Create New Application and search for Tableau Online


5. Fill in a unique name for the application and click Add

(In my example I used the name shown below)
Tableau_Online
6. Go back to Enterprise Applications and select the Application that you created in step 5 (Tableau_Online)
7. Select Single sign-on / SAML

8. Select Upload metadata file and upload the file that you created in step 2
(In my example the XML file has the name shown below)
Tableau_Online_SAML.xml

9. Confirm that Identifier (Entity ID), Reply URL and Sign-on URL have been imported correctly (See below how the values are imported from TOL)

User Attributes and Claims
10. Confirm that the Required Claim / Claim Name is set to user.userprincipalname
See the example below:

11. Click SAML-based Sign-on in the breadcrumb

12. Click Download under SAML Signing Certificate/Federation Metadata XML

(In my example the SAML Signing Certificate download action produced the file below)
Tableau Online Production.xml
13. In the Azure Portal, go to Users and Groups for the Tableau Application that you created in Step 6 and add the users who will be using Tableau, or add an Azure AD Group that contains those users.

Important
The users will not be able to log in to Tableau if they do not have permissions to the Tableau Online Production Application.
Import Metadata file to TOL
14. In TOL, go to Settings / Authentication; under Authentication types, select Edit Connection
15. Scroll down to “Step 4 Import Metadata file to Tableau Online”
16. Select “Choose a file”, browse to the file that you downloaded from Azure in step 12, and Select Apply

Enable SAML on TOL
17. Go to Settings/Authentication

18. Select Enable an additional authentication method
19. Select microsoftonline.com (SAML)

Users
20. Create a TOL user that matches the Azure AD user and change the authentication method from Tableau to SAML


Confirm functionality
21. Log on to your site https://online.tableau.com

If you have configured the previous steps correctly, you will be redirected to the Azure AD login

Walk through the steps in the Azure AD authentication process and you should now be redirected to your Tableau Online site
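
Before uploading the file from step 2 to Azure (step 8) and importing the file from step 12 into TOL (step 16), both metadata files can be checked offline. The script below is an added example, not part of the original post or of Tableau's or Microsoft's tooling; the function name summarize_metadata and the sample hostnames are constructed for illustration, while the element names come from the SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_metadata(xml_text):
    """Pull out the values to compare against the Azure SAML page, plus sanity problems."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD; refuse entity tricks
        raise ValueError("unexpected DOCTYPE in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not md:EntityDescriptor")
    def locations(path):
        return [e.get("Location", "") for e in root.findall(path, NS)]
    info = {
        "entity_id": root.get("entityID", ""),                       # Identifier (Entity ID)
        "reply_urls": locations("md:SPSSODescriptor/md:AssertionConsumerService"),
        "sso_urls": locations("md:IDPSSODescriptor/md:SingleSignOnService"),
        "signing_certs": len(root.findall(
            "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
            "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)),
    }
    problems = ["non-HTTPS endpoint: " + u
                for u in info["reply_urls"] + info["sso_urls"]
                if not u.startswith("https://")]
    if not info["entity_id"]:
        problems.append("missing entityID")
    if root.find("md:SPSSODescriptor", NS) is not None and not info["reply_urls"]:
        problems.append("SP metadata has no AssertionConsumerService")
    if root.find("md:IDPSSODescriptor", NS) is not None and not info["signing_certs"]:
        problems.append("IdP metadata has no signing certificate")
    return dict(info, problems=problems)

# Constructed samples; hostnames are placeholders, not Tableau or Azure values.
SP_SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/metadata?alias=constructed">
  <md:SPSSODescriptor><md:AssertionConsumerService index="0"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://sp.example.invalid/saml/SSO?alias=constructed"/></md:SPSSODescriptor>
</md:EntityDescriptor>"""
# Deliberately defective IdP file: plain-HTTP endpoint and no signing KeyDescriptor.
IDP_SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/constructed/">
  <md:IDPSSODescriptor><md:SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="http://idp.example.invalid/saml2"/></md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(summarize_metadata(SP_SAMPLE), summarize_metadata(IDP_SAMPLE), sep="\n")
```

To check the real files, pass the contents of Tableau_Online_SAML.xml or the downloaded Federation Metadata XML to summarize_metadata and compare entity_id and reply_urls with what the Azure portal shows in step 9.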