Disable Automatic Client Authentication

After Tableau connected clients (e.g., Tableau Desktop, Tableau Mobile, Tableau Prep Builder, etc.) and personal access tokens (PATs) successfully sign in to Tableau Server, they are automatically authenticated in the future. Both connected client sessions and PATs are managed by refresh tokens.

By default, refresh tokens reset after a year. If a refresh token has not been used in 14 days, then it will expire. As a server administrator, you can change these values by setting the refresh_token.absolute_expiry_in_seconds and refresh_token.idle_expiry_in_seconds options. See tsmĀ configuration set Options.

As a Tableau Server administrator you can also disable automatic authentication for connected clients. In this case, session expiration is solely governed by Tableau Server session behavior, which manages web authoring sessions. See 9. Verify session lifetime configuration. Web authoring sessions are not considered a "connected client," and they do not use refresh tokens.

To immediately disconnect connected clients from Tableau Server and require users to sign in every time they connect:

  1. Sign in to Tableau Server as a server administrator.

  2. In the site menu, click Manage All Sites, and then click Settings > General.

  3. Under Connected Clients, clear the Let clients to automatically connect to Tableau Server check box.

  4. Click Save button at the top or bottom of the page.

Note: This setting described above only applies to connected clients and does not affect the creation and redemption of PATs.

Thanks for your feedback!