Tableau Cloud Manager Authentication

Authentication refers to the options for how cloud administrators can sign in to Tableau Cloud Manager (TCM), and how they access it after signing in the first time. Authentication verifies a user’s identity.

TCM supports multiple authentication types, which you can configure on the Settings page. The configuration steps discussed in this topic are limited to TCM, with site administrators configuring site authentication separately.

Authentication requirements

Regardless of the authentication type you configure, multi-factor authentication (MFA) is the default and mandatory authentication method when accessing TCM. MFA ensures that users provide an additional verification method beyond their primary credentials, significantly enhancing sign-in security and protecting your organisation’s data.

Implementing MFA

Multi-factor authentication (MFA) is a multi-step login process that requires users to provide more than just a password to access their accounts. MFA can be implemented in one of two ways:

  • Single sign-on (SSO) and MFA (recommended method): To satisfy the MFA requirement, enable MFA with your Google or Salesforce identity provider (IdP).

  • Tableau with MFA (alternative method): If you don’t work directly with an SSO IdP, you can instead enable a combination of 1) Tableau with MFA credentials, which are stored with Tableau, and 2) an additional verification method before cloud administrators access TCM. We also recommend that users set up recovery codes as a backup verification method for emergency cases only. For more information, see Multi-Factor Authentication and Tableau Cloud.

Supported authentication types

Tableau Cloud Manager (TCM) supports the following authentication types:

  • SSO: If you enable external authentication on TCM, you can select which users you want to sign in using external credentials, and which to use Tableau credentials. You can allow Tableau with MFA and one external provider on TCM, but each user must be set to use one or the other type. You can configure user authentication options on the Users page. For more information, see Manage Users With Tableau Cloud Manager.

    • Google: If your organisation uses Google applications, you can enable TCM to use Google accounts for single sign-on (SSO) with MFA using OpenID Connect (OIDC). When you enable Google authentication, users are directed to the Google sign-in page to enter their credentials, which are stored with Google.

    • Salesforce: If your organisation uses Salesforce, you can enable TCM to use Salesforce accounts for single sign-on (SSO) with MFA using OpenID Connect (OIDC). When you enable Salesforce authentication, users are directed to the Salesforce sign-in page to enter their credentials, which are stored and managed in Salesforce

  • Tableau with MFA: The built-in and default authentication type. It requires users to provide their Tableau ID (username and password stored with TCM) and an MFA verification method, such as an authenticator app or security key, to confirm a user's identity. For more information about supported MFA methods, see Multi-Factor Authentication and Tableau Cloud.

Important: In addition to the authentication requirements described above, we recommend that you dedicate a cloud administrator account that is configured for Tableau with MFA authentication. If you encounter an issue, a dedicated Tableau with MFA account helps ensure that you have access to TCM.

Step 1: Configure authentication for Tableau Cloud Manager

To configure authentication in Tableau Cloud Manager (TCM), follow these steps:

  1. Sign in to Tableau Cloud Manager as a cloud administrator.

  2. Navigate to the Settings page.

  3. Under Authentication types, select Enable an additional authentication method.

  4. From the drop-down menu, select your preferred authentication type.

  5. Click Save Changes.

Step 2: Assign authentication to cloud administrators

After configuring TCM authentication, you can assign the authentication method to cloud administrators on the Users page. For more information about changing other user details, see Manage Users With Tableau Cloud Manager.

To assign authentication, follow these steps:

  1. Sign in to Tableau Cloud Manager as a cloud administrator.

  2. Navigate to the Users page and select the users to modify.

    Note: You can select up to 50 users at a time. To modify more than 50 users, import a CSV file containing the desired changes. For more information about modifying users in bulk, see Bulk import users.

  3. Select Actions > Site Membership.

  4. Select an authentication method from the Authentication for Tableau Cloud Manager drop-down menu.

  5. Click Save.

Configure authentication for Tableau Cloud sites

Site authentication is configurable only by site administrators directly at the site level. If you're a cloud administrator, you must also have site administrator privileges to change authentication settings.

To modify site authentication, follow these steps:

  1. Sign in to Tableau Cloud Manager as a cloud administrator.

  2. Navigate to the Sites page.

  3. Click the ellipsis icon (...) next to the site you want to modify.

  4. From the Actions menu, select Authentication Type to redirect to the site's authentication settings. For more information about configuring site authentication as a site administrator, see Authentication.

If you're not a site administrator, a dialog is displayed with instructions on how to assign the necessary role. You must be a site administrator with the Site Administrator Explorer or Site Administrator Creator role to proceed with configuring site authentication.

Assign user authentication for site users

As a cloud administrator, you can't directly configure site authentication settings. However, if multiple authentication methods are set up on the site, you can modify a user's authentication to a site on the Users page of Tableau Cloud Manager. For more information, see Manage users’ site membership.

Thanks for your feedback!Your feedback has been successfully submitted. Thank you!