Configure the Identity Provider for OpenID Connect
This topic provides information about configuring an identity provider (IdP) to use OpenID Connect (OIDC) with Tableau Server. This is one step in a multi-step process. The following topics provide information about configuring and using OIDC with Tableau Server.
-
OpenID Connect Overview
-
Configure the Identity Provider for OpenID Connect (you are here)
Configure the IdP
Before you can use OpenID Connect with Tableau Server, you must have an account with an identity provider (IdP) and a project or application with the IdP. When you configure Tableau Server, you will need to be able to provide the following information:
-
Client ID. This is the identifier that the IdP assigned to your application.
-
Client secret. This is a token that is used by Tableau to verify the authenticity of the response from the IdP. This value is a secret and should be kept securely.
-
Configuration URL. This is the URL at the provider's site that Tableau Server should send authentication requests to.
Redirect URL
Some IdPs will require a redirect URL for
You can manually construct your URL for the IdP using the following syntax:
<protocol>://<host>/vizportal/api/web/v1/auth/openIdLogin
For example, https://tableau.example.com/vizportal/api/web/v1/auth/openIdLogin
.
Example IdP process
The following procedure provides an outline of the steps that you follow with the provider. As an example, the procedure discusses using
-
Register at the provider's developer site and sign in. For example, for Google, you can go to the Developers Console at this URL: https://console.developers.google.com(Link opens in a new window)
-
Create a new project, application, or relying party account.
-
In the developer dashboard, follow the steps for getting an OAuth 2.0 client ID and client secret. Record these values for later.
Note: Keep the client secret in a secure place.
-
On the developer site, find the URL of the endpoint that the IdP uses for OpenID Connect discovery. For example, Google uses the URL https://accounts.google.com/.well-known/openid-configuration(Link opens in a new window). Record this URL for later.
Alternatively, if your IdP has provided you with a static discovery document, copy that file to a local directory on the Tableau Server for later.