Before you deploy Tableau Mobile, make sure that your confidential data will be secure.
Encrypt communication with SSL
As a first step, configure Tableau Server to use Secure Sockets Layer and an SSL certificate that your mobile devices trust. For details, see Configure External SSL(Link opens in a new window) in the Tableau Server help.
Certificates issued by major third-party authorities like VeriSign and GlobalSign are secure and trusted by mobile devices. But you can also use a certificate issued by your organization’s internal, enterprise certificate authority. To establish trust between either type of certificate and your company's mobile devices, see these options in the Tableau Knowledge Base(Link opens in a new window).
After you've encrypted communication between Tableau Mobile and Tableau Server, you don't need to take any further steps to encrypt Tableau data on mobile devices. Starting in version 2022.425.6173, Tableau Mobile automatically encrypts authentication tokens, site and server information, and data and metadata stored for offline content. This means that even if a device is stolen, unauthorized users won't be able to access sensitive data.
Tableau Mobile doesn't encrypt data where there is no sensitive information being stored, such as user settings, tracking GUIDs, and analytics and crash data. It also doesn't encrypt data temporarily stored on the device during the process of sharing content, because that data is removed as soon as the sharing process is complete.
Connect mobile users to Tableau Server behind your firewall
The recommended method for securing access to your network depends on your use of mobile application management (MAM) or mobile device management (MDM).
If you use MAM, set up a secure tunnel.
If you use MDM, set up per-app VPN.
If you don't manage devices, use standard VPN or a reverse proxy server.
Connect using a secure tunnel
With the unique iOS apps, Tableau Mobile for BlackBerry and Tableau Mobile for Workspace ONE, users can connect to Tableau Server simply by logging into the mobile app. To configure the necessary secure tunnel, see these resources from your MAM vendor:
Enable Secure Connect Plus(Link opens in a new window) in BlackBerry Dynamics help.
Introduction to VMware Tunnel(Link opens in a new window) in Workspace ONE help.
With mobile devices, you can use a VPN either as a stand-alone solution or integrated into an MDM tool like Workspace ONE, MobileIron, XenMobile, or Intune. These MDM tools let you create multiple VPN profiles with unique traffic rules you can apply to different device types and even individual apps. Per-app VPN provides maximum security.
The following resources from MDM vendors help you configure their global and per-app VPN options:
Citrix Endpoint Management help(Link opens in a new window) (formerly XenMobile)
Connect using a reverse proxy server
A reverse proxy server manages all traffic coming from the internet to Tableau Server. In conjunction with SSL, a reverse proxy authenticates traffic while concealing the IP address of the server from clients. For step-by-step setup, see Tableau Server Help for Windows(Link opens in a new window) or Linux(Link opens in a new window), and pay special attention to the details required for mobile clients.