Tableau Cloud
Last reviewed: 3 months ago
This guide covers how to configure Tableau Cloud ↗ as a SAML application in Cloudflare Zero Trust.
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a Tableau Cloud site
- In Zero Trust ↗, go to Access > Applications.
- Select Add an application > SaaS.
- For Application, select Tableau.
- For the authentication protocol, select SAML.
- Select Add application.
- Copy the SAML Metadata endpoint.
- Keep this window open without selecting Select configuration. You will finish this configuration in step 4. Finish adding a SaaS application to Cloudflare Zero Trust.
- Paste the SAML Metadata endpoint from application configuration in Cloudflare Zero Trust in a web browser.
- Follow your browser-specific steps to download the URL’s contents as an
.xml
file.
- In Tableau Cloud, go to Settings > Authentication.
- Turn on Enable an additional authentication method. For select authentication type, select SAML.
- Under 1. Get Tableau Cloud metadata, copy the Tableau Cloud entity ID and Tableau Cloud ACS URL.
- Under 4. Upload metatdata to Tableau, select Choose a file, and upload the
.xml
file created in step 2. Download the metadata file - Under 5. Map attributes, turn on Full name. For Name (full name), enter
name
. - (Optional) Choose whether users who are accessing embedded views will Authenticate in a separate pop-up window or Authenticate using an inline frame.
- Select Save Changes.
- In your open Zero Trust window, fill in the following fields:
- Entity ID: Tableau Cloud entity ID from Tableau Cloud SAML SSO set-up.
- Assertion Consumer Service URL: Tableau Cloud ACS URL from Tableau Cloud SAML SSO set-up.
- Name ID format: Email
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
- In Tableau Cloud, go to Settings > Authentication.
- Under 7. Test Configuration, select Test Configuration.
- Sign in. If your sign-in is successful, You are now signed in as (username) will appear at the top of the page.
- Close the pop-up window.
- (Optional) Under Default Authentication Type for Embedded Views, turn on cloudflareaccess.com (SAML). You can also configure the default authentication type for individual users under Users > Actions > Authentication.