Authentication refers to the options for how users can sign in to their Tableau Online site, and how they access it after signing in the first time. Authentication verifies a user’s identity.

Tableau Online supports the following authentication types, which you can configure on the Authentication page.

  • Tableau: This is the default authentication type, available on all sites, requiring no additional configuration steps before you add users. Tableau credentials are made up of user name and password, which are stored with Tableau Online. Users enter their credentials directly on the Tableau Online sign-in page.

  • Google: If your organization uses Google applications, you can enable Tableau Online to use Google accounts for single sign-on (SSO) via OpenID Connect. When you enable Google authentication, users are directed to the Google sign-in page to enter their credentials, which are stored by Google.

  • Salesforce: If your organization uses Salesforce, you can enable Tableau Online to use Salesforce accounts for single sign-on with OpenID Connect. When you enable Salesforce authentication, users are directed to the Salesforce sign-in page to enter their credentials, which are stored and managed in Salesforce. Minimal configuration may be required. See Salesforce Authentication.

  • SAML: Another way to use SSO is through SAML. To do this, you use a third-party identity provider (IdP), and configure the site to establish a trust relationship with the IdP. When you enable SAML, users are directed to the IdP’s sign-in page, where they enter their SSO credentials, already stored with the IdP.

If you enable Google or SAML authentication on your site, you can select which users you want to sign in using external credentials, and which to use Tableau credentials. You can allow TableauID and one external provider on a site, but each user must be set to use one or the other type. You can configure user authentication options on the Users page.

Important: In addition to these requirements, we recommend that you dedicate a site administrator account that is always configured for Tableau authentication. In the event of an issue with SAML or the IdP, a dedicated TableauID account ensures that you always have access to your site.

Allowing direct access from Tableau connected clients

By default, after users provide their credentials to sign in to a site, they can subsequently access the Tableau Online site directly from a connected Tableau client. To learn more, see Access Sites from Connected Clients.

Thanks for your feedback!