Connect Tableau Server to the Salesforce Data Cloud

Applies to: Data Cloud

Tableau Server (version 2023.3 and later)

In October 2023, Salesforce introduced a new Data Cloud connector that seamlessly connects Data Cloud and Tableau Server. The Salesforce Data Cloud connector is already available for Tableau Cloud, Tableau Desktop, and Tableau Prep in a previous release.

Note: The Tableau Server UI displays both the existing Customer Data Platform connector and the new Salesforce Data Cloud connector. After the Customer Data Platform connector is deprecated in October 2023, the Tableau Desktop UI will show Customer Data Platform connector (deprecated).

Benefits of the Salesforce Data Cloud Connector

  • The connector is automatically included in a Tableau Desktop installation and eliminates the additional step to install the connector with a Taco file and a JDBC driver.
  • The connector is data spaces aware with improved usability that shows the object label in Tableau connect UI instead of the object API name.
  • The connector is powered by accelerated queries.

Note: Tableau Server 2023.3 is required to use the Salesforce Data Cloud connector. Follow the steps below to set up the Tableau Server Connector.

Step 1: Create a Salesforce connected app

The new Salesforce Data Cloud connector still requires the customer to create their own connected app. The Salesforce connector and the Salesforce Data Cloud connector share the same connected app. If you are already using the Salesforce connector, you only need to add the three Customer Data Platform scopes listed in step 7 to your existing connected app.

  1. Sign in to your Salesforce.com developer account, click your user name in the upper-right, and then select Setup.
  2. In the left navigation column, under Apps, select App Manager.
  3. In the Connected Apps section, click New Connected App.
  4. In Basic Information, give the app a name, tab through the APIfield so it will auto-populate in the correct format, and enter a contact email for the app.
  5. In the API [Enable OAuth Settings] section, select Enable OAuth Settings.
  6. In the new OAuth settings that appear, for Callback URL, type the fully qualified domain name of your server, using the https protocol, and append the following text to the URL: auth/add_oauth_token.
    For example:
    https://www.your_tableau_server.com/auth/add_oauth_token
  7. Move the following items from Available OAuth Scopes to Selected OAuth Scopes:
    • Access the identity URL service (id, profile, email, address, phone)
    • Manage user data via APIs (api)
    • Perform requests any time (refresh_token, offline access)
    • Perform ANSI SQL queries on Customer Data Platform data (cdp_query_api)
    • Manage Customer Data Platform profile data (cdp_profile_api)
    • Manage Customer Data Platform Ingestion API data (cdp_ingest_api)
  8. Click Save.

After you save the app, Salesforce populates the API section with the following IDs that you will use to configure Tableau Server:

  • Consumer Key
  • Consumer Secret
  • Callback URL

    OAuth settings

Step 2: Configure Tableau Server for Salesforce.com OAuth

Once your connected app is created in Salesforce and you have the Customer Key, Customer Secret, and the Callback URL, you can configure Tableau Server for Salesforce data connections and outputs, and Einstein Discovery.

  1. On the Tableau Server computer, at a command prompt, run the following commands:
    tsm configuration set -k oauth.salesforce.client_id -v <your_customer_key>
    tsm configuration set -k oauth.salesforce.client_secret -v <your_customer_secret>
    tsm configuration set -k oauth.salesforce.redirect_uri -v <your_redirect_URL>
  2. (Optional) To change the default login server, type the following command:
    tsm configuration set -k oauth.salesforce.server_base_url -v <URL>
  3. Enter the following command to apply changes:
    tsm pending-changes apply
    If the pending changes require a server restart, the pending-changes apply command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the --ignore-prompt option, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.

Configure custom OAuth for a site

For setup instructions, see the OAuth Connections topic.

Tableau Server (version 2023.1 and earlier)

Warning: The Customer Data Platform connector will be deprecated in October 2023. You can use the connector until it’s been retired. After the connector is retired, it’s removed from the Tableau user interface and any data sources using the connector will no longer work as expected. Typically, a deprecated connector will be retired 1–2 releases after it’s deprecated.

New users: If you’re a new user, you can use the built-in Salesforce Data Cloud connector.

This section describes how to connect from Tableau Server to the Salesforce Customer Data Platform through OAuth authentication.

The steps described in this section are required to use Salesforce Customer Data Platform data in Tableau Server.

Step 1: Set up the connector

  1. Download the latest Salesforce Customer Data Platform connector (Salesforce_CDP.taco file) from the Tableau Exchange Connectors site.
  2. Move the.taco file to the Tableau connector folder:
  • Windows: C:\Users[Windows User]\Documents\My Tableau Repository\Connectors
  • Linux: /opt/tableau/connectors OR /var/opt/tableau_server/data/tabsvc/vizqlserver/Connectors/
  1. Restart Tableau Server.

Step 2: Install the Customer Data Platform JDBC driver

Note: Tableau version 2023.1 for Server is only compatible with JDBC driver version 18 and above.

  1. Download the latest JDBC driver (Salesforce-CDP-jdbc-[version].jar file) from the Salesforce CDP GitHub site: https://github.com/forcedotcom/Salesforce-CDP-jdbc/releases
  2. Move the downloaded Salesforce-CDP-jdbc-[version].jar file to the following location:
  • Windows: C:\Program Files\Tableau\Drivers
  • Linux: /opt/tableau/tableau_driver/jdbc

Step 3: Create a Salesforce connected app

After creating the API scopes, use the following procedure to create a Salesforce connected app to handle OAuth delegation from Tableau Server.

  1. Sign in to your Salesforce Customer Data Platform account as an admin, click your username in the upper-right, and then select Setup.

  2. In the left pane, under Apps, select App Manager.

  3. In the Connected Apps section, click New Connected App.

  4. In Basic Information, give your connected app a name (for example, Example.com), tab through the API field so it self-populates in the correct format, and enter a contact email address for the app.

  5. In the API [Enable OAuth Settings] section, select Enable OAuth Settings, and then do the following:

    1. In the new OAuth settings that appear, for Callback URL, type the fully qualified domain name (FQDN) of your Tableau Server, using the https protocol, and append the following text to the URL: /auth/add_oauth_token.

      For example: https://example.com/auth/add_oauth_token

    2. Move the following items from Available OAuth Scopes to Selected OAuth Scopes:

      • Manage user data via APIs (api)
      • Perform requests on your behalf at any time (refresh_token, offline_access)
      • Manage Customer Data Cloud profile data (cdp_profile_api)
      • Perform ANSI SQL queries on Customer Data Platform data (cdp_query_api)

  6. When finished, click Save.

  7. Go to your App Manager list, navigate to your connected app, click the dropdown arrow, and then select Manage.

After you save the app, the API (Enable OAuth Settings) section is populated with the following IDs that you'll use to configure Tableau Server:

  • Consumer Key
  • Consumer Secret
  • Callback URL

    Note: Save your Consumer Key, Secret, and Callback URL for use later.



Use OAuth with the Customer Data Platform

Consider configuring a custom OAuth client to 1) override an OAuth client if configured for the server or 2) enable support for securely connecting to data that requires unique OAuth clients.

After the connected app is created in Salesforce and you have the Consumer Key, Consumer Secret, and the Callback URL, you can configure Tableau Server for the Customer Data Platform OAuth connections. To get started gather the following information.

  • Consumer Key: The Consumer Key, also known as the client ID in Tableau, is generated from the procedure at the end of Step 4. Use this value for [your_consumer_key] in the following tsm command.
  • Consumer Secret: The Consumer Secret, also known as the client secret in Tableau, is generated from the procedure at the end of Step 4. Use this value for [your_consumer_secret] in the following tsm command.
  • Callback URL: The Callback URL, also know as the redirect URL in Tableau, is you Tableau Server URL https://example.com and "/auth/add_oauth_token" appended to it. Use this value for [your_callback_url] in the following tsm command.
  • Configuration ID: The value for the oauth.config.id parameter you use in the following tsm: customer_360_audience
Use TSM Commands for OAuth Setup

Run the following tsm commands to configure OAuth.

tsm configuration set -k oauth.config.clients -v "[{\"oauth.config.id\":\"customer_360_audience\", \"oauth.config.client_id\":\"[your_consumer_key]\", \"oauth.config.client_secret\":\"[your_consumer_secret]\", \"oauth.config.redirect_uri\":\"[your_callback_url]\"}]" --force-keys

tsm pending-changes apply

Setting multiple connectors

If you have multiple connectors to set, you must include all of them in a single command. For example: 

tsm configuration set -k oauth.config.clients -v "[{\"oauth.config.id\":\"custom_360_audience\", \"oauth.config.client_id\":\"[your_consumer_key]\", \"oauth.config.client_secret\":\"[your_consumer_secret]\", \"oauth.config.redirect_uri\":\"[your_callback_url]\"}, {\"oauth.config.id\":\"dremio\", \"oauth.config.client_id\":\"[your_client_id]\", \"oauth.config.client_secret\":\"[your_client_secret]\", \"oauth.config.redirect_uri\":\"[your_server_url]/auth/add_oauth_token\"}, {\"oauth.config.id\":\"azure_sql_dw\", \"oauth.config.client_id\":\"[your_client_id]\", \"oauth.config.client_secret\":\"[your_client_secret]\", \"oauth.config.redirect_uri\":\"[your_server_url]/auth/add_oauth_token\"}, {\"oauth.config.id\":\"azure_sqldb\", \"oauth.config.client_id\":\"[your_client_id]\", \"oauth.config.client_secret\":\"[your_client_secret]\", \"oauth.config.redirect_uri\":\"[your_server_url]/auth/add_oauth_token\"}]" --force-keys

tsm pending-changes apply

Step 1: Register OAuth client ID and client secret

Complete the following procedure to register the custom OAuth client to your site.

  1. Sign into Tableau Server using your site admin credentials and navigate to the Settings page.
  2. Under OAuth Clients Registry, select the Add OAuth Client button.
  3. For Connection Type, select Customer Data Platform.
  4. For OAuth Provider, select Custom IDP.
  5. Enter the Client ID.
  6. Enter the Client Secret.
  7. Enter the Redirect URL.
  8. For Choose OAuth Config File, select the Choose a file button to upload the config file.
  9. Select the Add OAuth Client button to complete the registration process.
  10. Select the Save button at the bottom or top of the Settings page to save changes.

Step 2: Validate and update saved credentials

To help ensure uninterrupted data access, you (and your site users) must delete any previous saved credentials and add them again.

  1. Navigate to your My Account Settings page.
  2. Under Saved Credentials for Data Sources, select Delete next to the existing saved credentials.
  3. Next to the same connector, select Add.
  4. Follow the prompts to connect to the Customer Data Platform connector.
  5. Select Save.

Step 3: Notify users to update their saved credentials

Make sure you notify your site users to update their saved credentials for the Customer Data Platform connector. Site users can use the procedure described in Manage Saved Credentials for Data Connections to update their saved credentials.

See also
Back to top
Thanks for your feedback!