Secure Communication and Data for Tableau Mobile
Before you deploy Tableau Mobile, make sure that your confidential data will be secure.
Configure Tableau Mobile app security policies
Starting in December 2022, you can adjust Tableau Cloud security policies for Tableau Mobile. These policies help you keep your data secure by checking to see if mobile devices are compromised and by limiting certain interactions with the app. For more information, see Tableau Mobile App Security Settings in the Tableau Cloud help.
The policies apply only to the standard version of Tableau Mobile, not the MAM versions of the app. If you have deployed an MAM app, use the appconfig parameters specific to Tableau Mobile, in addition to your MAM system’s settings, to secure the app.
Encrypt communication with SSL
As a first step, configure Tableau Server to use Secure Sockets Layer and an SSL certificate that your mobile devices trust. For details, see Configure External SSL in the Tableau Server help.
Certificates issued by major third-party authorities like VeriSign and GlobalSign are secure and trusted by mobile devices. But you can also use a certificate issued by your organisation’s internal, enterprise certificate authority. To establish trust between either type of certificate and your company's mobile devices, see these options in the Tableau Knowledge Base.
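The trust requirement described above, as an added example that is not part of the Tableau documentation: a server certificate issued by an internal CA fails chain verification against a trust store that lacks that CA, and passes once the CA is present. It assumes the openssl command-line tool is installed; the CA names, host name and file paths are constructed for the demonstration.

```bash
#!/bin/sh
# Constructed demo: CA names, the host name and all file paths are illustrative.

# make_ca PREFIX CN: create a self-signed CA (PREFIX.key, PREFIX.pem).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue_server_cert CA_PREFIX OUT_PREFIX HOST: sign a server cert with that CA.
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

# chain_trusted CERT BUNDLE: succeed only if CERT chains to a CA in BUNDLE.
# BUNDLE stands in for the trust store of a mobile device.
chain_trusted() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# demo: compare a device without the internal CA to one that has it installed.
demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d/internal" "Example Internal CA"
  make_ca "$d/public" "Example Public CA"   # stands in for a stock device store
  issue_server_cert "$d/internal" "$d/server" "tableau.example.internal"
  for store in public internal; do
    if chain_trusted "$d/server.pem" "$d/$store.pem"; then
      echo "$store store: server certificate trusted"
    else
      echo "$store store: server certificate NOT trusted"
    fi
  done
  rm -rf "$d"
}

demo
```

The same `chain_trusted` check can be pointed at the real server certificate and an export of the CA bundle you distribute to devices.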
Data encryption on mobile devices
After you've encrypted communication between Tableau Mobile and Tableau Server, you don't need to take any further steps to encrypt Tableau data on mobile devices. Starting in version 2022.425.6173, Tableau Mobile automatically encrypts authentication tokens, site and server information, and data and metadata stored for offline content. This means that even if a device is stolen, unauthorised users won't be able to access sensitive data.
Tableau Mobile doesn't encrypt data where there is no sensitive information being stored, such as user settings, tracking GUIDs, and analytics and crash data. It also doesn't encrypt data temporarily stored on the device during the process of sharing content, because that data is removed as soon as the sharing process is complete.
Connect mobile users to Tableau Server behind your firewall
The recommended method for securing access to your network depends on your use of mobile application management (MAM) or mobile device management (MDM).
If you use MAM, set up a secure tunnel.
If you use MDM, set up per-app VPN.
If you don't manage devices, use standard VPN or a reverse proxy server.
Connect using a secure tunnel
With the unique iOS apps, Tableau Mobile for BlackBerry and Tableau Mobile for Workspace ONE, users can connect to Tableau Server simply by logging in to the mobile app. To configure the necessary secure tunnel, see these resources from your MAM vendor:
Enable Secure Connect Plus in BlackBerry Dynamics help.
Introduction to VMware Tunnel in Workspace ONE help.
Connect using a virtual private network
With mobile devices, you can use a VPN either as a stand-alone solution or integrated into an MDM tool like Workspace ONE, MobileIron, XenMobile or Intune. These MDM tools let you create multiple VPN profiles with unique traffic rules you can apply to different device types and even individual apps. Per-app VPN provides maximum security.
The following resources from MDM vendors help you configure their global and per-app VPN options:
Workspace ONE help for iOS and Android
MobileIron help (Also see Per-app VPN.)
Citrix Endpoint Management help (formerly XenMobile)
Connect using a reverse proxy server
A reverse proxy server manages all traffic coming from the internet to Tableau Server. In conjunction with SSL, a reverse proxy authenticates traffic while concealing the IP address of the server from clients. For step-by-step setup, see Tableau Server Help for Windows or Linux, and pay special attention to the details required for mobile clients.