Configure SAML with Okta

If you use Okta as your SAML identity provider (IdP), you can use the information in this topic to set up SAML authentication for your Tableau Online site.

Note: These steps reflect a third-party application and are subject to change without our knowledge. If the steps described here do not match the screens you see in your IdP account, you can use the general SAML configuration steps, along with the IdP’s documentation.

Open the Tableau Online SAML settings

To configure the Okta application, you will need to use information in the Tableau Online SAML settings.

  1. Sign in to your Tableau Online site as a site administrator, and select Settings > Authentication.

  2. On the Authentication tab, select Enable an additional authentication method, select SAML, and then select Edit connection.

    Screen shot of Tableau Online site authentication settings page

Add Tableau Online to your Okta applications

  1. Open a new browser tab or window, and sign in to your Okta administrator console.

  2. On the Applications tab, click the Add Application button. Search for Tableau, and then add the Tableau Online application.

    This opens the General Settings tab.

  3. (Optional) If you have more than one Tableau Online site, include the site name in the Application label field, to help users know which site to select when they sign in.

  4. Click Done to open the Assignments tab.

  5. Click Assign > Assign to People and click the Assign button beside each user you want to approve for single sign-on access to Tableau Online.

  6. Click Done. Make sure users’ email addresses appear in the Username field.

  7. Select the Sign On tab. In the Settings section, click Edit.

  8. Switch to the tab or window where you opened the Tableau Online SAML configuration settings, and in Step 1 of those settings, select and copy the Tableau Online entity ID.

    Note: The Tableau Online SAML configuration settings appear in a different order than on the Okta settings page. To prevent SAML authentication issues, make sure that the Tableau Online entity ID and Assertion Consumer Service (ACS) URL are entered into the correct fields in Okta.

  9. Return to the Okta admin console general settings, and paste the URL into the corresponding field.

  10. Repeat the previous two steps for the Assertion Consumer Service (ACS) URL. Click Save.

  11. Right-click Identity Provider Metadata and click Save link as to download the metadata XML file.

  12. Click View Setup Instructions and complete the steps to import the IdP metadata, provide the IdP entity ID and SSO service URL, and match email and display name attributes. Switch to the tab or window where you opened the Tableau Online SAML configuration settings. Note: When importing the Okta metadata file into Tableau Online, it might be necessary to refresh the page after clicking Apply to see the changes.

(Optional) Enable iFrame embedding

When you enable SAML on your site, you need to specify how users sign in to access views embedded in web pages. These steps configure Okta to allow authentication using an inline frame (iFrame) for embedded views. Inline frame embedding may provide a more seamless user experience when signing-on to view embedded visualizations. For example, if a user is already authenticated with your identity provider and iFrame embedding is enabled, the user would seamlessly authenticate with Tableau Server when browsing to pages that contain an embedded visualizations.

Caution: Inline frames can be vulnerable to a clickjack attack. Clickjacking is a type of attack against web pages in which the attacker tries to lure users into clicking or entering content by displaying the page to attack in a transparent layer over an unrelated page. In the context of Tableau Online, an attacker might try to use a clickjack attack to capture user credentials or to get an authenticated user to change settings. For more information about clickjack attacks, see Clickjacking(Link opens in a new window) on the Open Web Application Security Project website.

  1. Open a new browser tab or window, and sign in to your Okta administrator console.

  2. On the Home page, click Admin to open the Administrator Dashboard.

  3. On the Settings menu, click Customization.

  4. Under iFrame Embedding, select Allow iFrame embedding.

Add users to the SAML-enabled Tableau site

  1. After you complete the Okta configuration steps, return to your Tableau Online site.

  2. Complete the SAML connection by adding the users you assigned in the Okta admin console to Tableau Online.

Thanks for your feedback!