Learn how to enable Tableau SSO in PingOne (IdP and SP-initiated).
- Configure PingOne to authenticate against an identity repository containing the users requiring application access.
- An Email Attribute is required in the assertion, either the SAML Subject or another SAML attribute per the SAML configuration. The value of the Email Attribute must be a valid email address. This attribute is used to uniquely identify the user in the organization.
Export the metadata from Tableau:
- Sign on to Tableau with an administration account.
- Go to .
- Select the Enable an additional authentication method check box.
- Select the SAML authentication method.
- Expand the Edit Connection section.
Click Export Metadata.
Create the Tableau SP connection:
- In the PingOne admin portal, go to .
- Create an SP connection for Tableau by selecting Add application.
- When you’re prompted to select an application type, select WEB APP and then click Configure next to SAMLfor the chosen connection type.
- Enter a unique name for the application.
- Import the Tableau metadata.
- Select the signing certificate.
- Confirm that the EntityID and endpoints are correct.
- Enter a suitable value for Assertion Validity Duration (in seconds). A value of 300 seconds is typical.
- Click Save and Continue.
Define the Tableau assertion requirements.
- Click the toggle to enable the application.
On the Configuration tab for the Tableau
application, on the Download Metadata line, click
Import the metadata in Tableau:
- Upload the PingOne metadata file and click Apply.
- Confirm that the IdP entityID and SSO service URL are correct.
- Test the connection.
Match the Tableau attributes to the assertion attributes and click
Test the IdP-initiated SSO integration:
Go to the PingOne
Application Portal and sign on with a user account.
In the Admin console, go to PingOne Application Portal URL.to find the
Click the Tableau icon.
You're redirected to the Tableau website and logged in with SSO.
- Go to the PingOne Application Portal and sign on with a user account.
Test the SP-initiated SSO integration:
- Go to the Tableau sign on page and enter the email address that will redirect to PingOne.
In the PingOne
sign-on prompt, enter your PingOne username and password.
You're redirected back to Tableau and signed on with SSO.