trustedAuthenticationSettings Entity

Before you configure trusted authentication, review Trusted Authentication.

Use the configuration file template below to create a json file. After you have filled in the options with the appropriate values, pass the json file and apply settings with the following commands:

tsm settings import -f /path/to/file.json

tsm pending-changes apply

If the pending changes require a server restart, the pending-changes apply command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the --ignore-prompt option, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.

Configuration template

Use this template to configure trusted authentication settings.

All entity options are case sensitive.

For more explanation about configuration files, entities, and keys see Configuration File Example.

After you have finished with the initial configuration of trusted authentication, use the tsm authentication trusted <commands> sub-category to set additional values.

"configEntities": {
	"trustedAuthenticationSettings": {
		"_type": "trustedAuthenticationSettingsType",
		"trustedHosts": ["webserv1","webserv2","webserv3"]

Configuration file reference

The following list includes all of the options that can be included with the "trustedAuthenticationSettings" entity set.



IP address or host names of web servers that request trusted tickets from Tableau Server.

This option takes a list of strings, which requires passing each IP or host in quotes, separated by a comma (no space) and within brackets. For example: ["","",""] or ["webserv1","webserv2","webserv3"].

The values you specify overwrite previous settings. Therefore, you must include the full list of hosts when you configure this value.



The value can be set to any integer between 9 and 255, inclusive.

Determines the number of characters in each trusted ticket. The default setting of 24 characters provides 144 bits of randomness. This option is ignored unless useV2Tickets is set to true, which is not a recommended best practice.



all | debug | info | warn | error | fatal | off

Default: info

Specifies logging level for processes related to creating and redeeming trusted tickets. See Change Logging Levels.



Default: 180

Specifies the length of time (in seconds) to invalidate trusted tickets after they are created.




Default: 10

Specifies the number of times to attempt to create a trusted ticket entry.



true | false

Default: false

When set to true, tickets are 9 digits long (as in version 8.0 and earlier) and the option tokenLength is ignored. This option is intended for temporary support of legacy code.

Warning: Setting this option to true severely and negatively impacts the security strength of trusted ticket authentication.



true | false

Default: false

Specifies whether Tableau Server should return a legacy URL format for trusted ticket requests. The legacy URL format includes a 24 character, Base64-encoded string. Beginning with Tableau Server 10.3, the URL that is returned has been updated and includes a Base64-encoded UUID and a 24 character secure random string. Only set option this to true if you have deployed trusted tickets with custom code that requires the legacy URL format. We recommend instead, updating your custom code to accept the new URL format.

Thanks for your feedback! There was an error submitting your feedback. Please try again.