Authentication refers to the options for how users can sign in to their Tableau Online site, and how they access it after signing in for the first time. Authentication verifies a user’s identity.
Tableau Online supports the following authentication types, which you can configure on the Authentication page.
Tableau: This is the built-in and default authentication type, requiring no additional configuration steps before you add users. Tableau credentials are made up of user name and password, which are stored with Tableau Online. Users enter their credentials directly on the Tableau Online sign-in page.
Tableau with MFA: This authentication type uses a combination of 1) TableauID credentials that are comprised of a username and password, which are stored with Tableau Online, and 2) after a successful TableauID authentication, the user is prompted to respond to an additional verification method before accessing the site. For more information, see Multi-Factor Authentication and Tableau Online.
Google: If your organisation uses Google applications, you can enable Tableau Online to use Google accounts for single sign-on (SSO) via OpenID Connect. When you enable Google authentication, users are directed to the Google sign-in page to enter their credentials, which are stored by Google.
Salesforce: If your organisation uses Salesforce, you can enable Tableau Online to use Salesforce accounts for single sign-on with OpenID Connect. When you enable Salesforce authentication, users are directed to the Salesforce sign-in page to enter their credentials, which are stored and managed in Salesforce. Minimal configuration may be required. For more information, see Salesforce Authentication.
SAML: Another way to use SSO is through SAML. To do this, you use a third-party identity provider (IdP), and configure the site to establish a trust relationship with the IdP. When you enable SAML, users are directed to the IdP’s sign-in page, where they enter their SSO credentials, already stored with the IdP.
Multi-factor authentication (MFA) is an authentication method to use in conjunction with one of the other authentication methods described above to enhance account security. MFA can be implemented in one of two ways:
SSO and MFA (recommended): We strongly recommend you enable MFA with your SSO identity provider (IdP).
Tableau with MFA: If you don’t work directly with an SSO IdP, you can instead enable a combination of 1) TableauID credentials, which are stored with Tableau Online, and an additional verification method before you and your users can access the site. For more information, see Multi-Factor Authentication and Tableau Online.
Note: In order to get ahead of the rise and constantly evolving threats that can cripple an organisation, MFA authentication will be a Tableau Online requirement beginning 1 February 2022. MFA is an effective tool for enhancing sign-in security and protecting your organisation and its data against security threats. For more information, see the Salesforce Multi-Factor Authentication FAQ(Link opens in a new window) in Salesforce Help.
About Google, Salesforce or SAML
If you enable Google or SAML authentication on your site, you can select which users you want to sign in using external credentials, and which to use Tableau credentials. You can allow TableauID and one external provider on a site, but each user must be set to use one or the other type. You can configure user authentication options on the Users page.
Important: In addition to these authentication requirements described above, we recommend that you dedicate a site administrator account that is configured for Tableau with MFA authentication. In the event of an issue with SAML or the IdP, a dedicated Tableau with MFA account helps ensure that you have access to your site.
Allow direct access from Tableau connected clients
By default, after users provide their credentials to sign in to a site, they can subsequently access the Tableau Online site directly from a connected Tableau client. To learn more, see Access Sites from Connected Clients.