Use SAML SSO with Kerberos Database Delegation
In a Windows Active Directory (AD) environment, you can enable SAML single sign-on (SSO) to Tableau Server, along with Kerberos database delegation. This provides authorised users direct access to Tableau Server, as well as to the underlying data defined in their published workbooks and data sources.
In a typical scenario:
One of your Tableau analysts publishes a dashboard to Tableau Server. That dashboard contains a connection to a Hadoop cluster, for example, that is configured to accept Kerberos credentials.
Then the workbook publisher sends a link to colleagues for review.
When a colleague clicks the link, Tableau Server authenticates the user through the SAML SSO process. Then it looks at the user’s authorisation scheme, and if allowed, uses the Tableau Server keytab to accesses the underlying database on behalf of the user. This populates the dashboard with the Hadoop data that the user is authorised to see.
Using SAML with Kerberos works inherently when you complete the processes to enable each separately: