Configuring SAML SSO with Tableau and PingOne - PingOne Cloud Platform

Page created: 23 Dec 2021 |

Page updated: 23 Dec 2021

| 2 min read

PingOne PingOne Cloud Platform Product SAML Standards, specifications, and protocols Single Sign-on (SSO) Capability

Learn how to enable Tableau SSO in PingOne (IdP and SP-initiated).

Configure PingOne to authenticate against an identity repository containing the users requiring application access.
An Email Attribute is required in the assertion, either the SAML Subject or another SAML attribute per the SAML configuration. The value of the Email Attribute must be a valid email address. This attribute is used to uniquely identify the user in the organization.

Export the metadata from Tableau:
1. Sign on to Tableau with an administration account.
2. Go to Settings > Authentication.
3. Select the Enable an additional authentication method check box.
4. Select the SAML authentication method.
5. Expand the Edit Connection section.
6. Click Export Metadata.
Create the Tableau SP connection:
1. In the PingOne admin portal, go to Connections > Applications.
2. Create an SP connection for Tableau by selecting Add application.
3. When you’re prompted to select an application type, select WEB APP and then click Configure next to SAMLfor the chosen connection type.
4. Enter a unique name for the application.
5. Import the Tableau metadata.
6. Select the signing certificate.
7. Confirm that the EntityID and endpoints are correct.
8. Enter a suitable value for Assertion Validity Duration (in seconds). A value of 300 seconds is typical.
9. Click Save and Continue.
10. Define the Tableau assertion requirements.
11. Click the toggle to enable the application.
12. On the Configuration tab for the Tableau application, on the Download Metadata line, click Download.
Import the metadata in Tableau:
1. Upload the PingOne metadata file and click Apply.
2. Confirm that the IdP entityID and SSO service URL are correct.
3. Test the connection.
4. Match the Tableau attributes to the assertion attributes and click Apply.
Test the IdP-initiated SSO integration:
1. Go to the PingOne Application Portal and sign on with a user account.
  
  Note:
  In the Admin console, go to Dashboard > Environment Properties to find the PingOne Application Portal URL.
2. Click the Tableau icon.
  
  You're redirected to the Tableau website and logged in with SSO.
Test the SP-initiated SSO integration:
1. Go to the Tableau sign on page and enter the email address that will redirect to PingOne.
2. In the PingOne sign-on prompt, enter your PingOne username and password.
  
  You're redirected back to Tableau and signed on with SSO.

Configuring SAML SSO with Tableau and PingOne - PingOne Cloud Platform - PingOne

Configuration Guides