By default, Tableau Cloud allows users to access their sites directly from a Tableau client. It allows this access after the user provides credentials the first time they sign in from the client. A client in this case is a Tableau application or service that can exchange information with Tableau Cloud. Examples of Tableau clients include Tableau Desktop, Tableau Bridge and Tableau Mobile.
Tableau Cloud establishes a connected client by creating a secure access token that uniquely identifies a user when the user signs in from the client.
Connected client requirement for Tableau Bridge
The default connected client option must remain enabled for the site to allow Tableau Bridge clients to run unattended and, if enabled, support multi-factor authentication with Tableau authentication. If connected clients are disabled for the site, Bridge can only support Tableau username and password authentication.
Note: If multi-factor authentication (MFA) is enabled with Tableau authentication, Bridge clients must be running Tableau Bridge version 2021.1 and later. For more information about Tableau with MFA, see About multi-factor authentication and Tableau Cloud(Link opens in a new window).
Opt out of allowing connected clients
Site admins can turn off this functionality, to require users to sign in explicitly each time they visit Tableau Cloud.
Opting out is recommended if SAML is enabled on your site, and you want to ensure that users do not have access to Tableau Cloud when they are removed from the IdP’s SAML directory.
Sign in to Tableau Cloud with your site admin credentials.
Select Settings, and then select the Authentication tab.
Under Connected clients, clear the Let clients automatically connect to this Tableau Cloud site tick box.
If you opt out of connected clients, keep the following points in mind:
Some clients provide a Remember Me tick box, which users can select to remember their username. Users always need to provide their password.
For sites configured for single sign-on using SAML authentication, users have direct access to the site after they sign in the first time. They can do this if they do not sign out explicitly by selecting the Sign Out link.
Remove a user’s connected clients
Site administrators can remove clients (access tokens) associated with a particular user, for example, if the user is no longer a member of the site or is seeing a message about exceeding the maximum number of clients in their account.
Select Users, and on the Site Users page, select the link on the user's display name.
On the user's page, select the Settings tab.
In the Connected clients section, remove the appropriate clients.
Users also can go to their own account settings page to remove specific clients.