Changing IdPs in Tableau Server for OpenID Connect
This topic provides information about changing an identity provider (IdP) if you have configured Tableau Server to use OpenID Connect.
Change providers
You might decide to change the IdP that Tableau Server is configured to use. To do so, you follow the procedure that you used to configure the first IdP: establish an account, get a customer ID and secret, configure Tableau Server with that information, and provide the IdP with the redirect URL for Tableau Server. For more information, see Configure Tableau Server for OpenID Connect.
Reset user identifiers
However, you also need to perform an additional step: you must clear any user identifiers (sub
values or claims) that have already been associated with Tableau Server users. The new IdP will have different sub
values for each user, and you must clear the existing ones so that Tableau Server can store a new sub
value when the user signs in using the new IdP.
To clear sub values for users, use the tabcmd reset_openid_sub
command. You can reset (that is, clear) sub
values for an individual user, as in the following example:
tabcmd reset_openid_sub --target-username jsmith
You can also clear the sub value for all users using this command:
tabcmd reset_openid_sub --all
Note: Clearing user identifiers for members of an identity pool(Link opens in a new window) is not supported.