Configure the Identity Provider for OpenID Connect

This topic provides information about configuring an identity provider (IdP) to use OpenID Connect (OIDC) with Tableau Server. This is one step in a multi-step process. The following topics provide information about configuring and using OIDC with Tableau Server.

  1. OpenID Connect Overview

  2. Configure the Identity Provider for OpenID Connect (you are here)

  3. Configure Tableau Server for OpenID Connect

  4. Signing In to Tableau Server Using OpenID Connect

Configure the IdP

Before you can use OpenID Connect with Tableau Server, you must have an account with an identity provider (IdP) and a project or application with the IdP. When you configure Tableau Server, you will need to provide the following information:

  • Client ID. This is the identifier that the IdP assigned to your application.

  • Client secret. This is a token that is used by Tableau to verify the authenticity of the response from the IdP. This value is a secret and should be stored securely.

  • Configuration URL. This is the URL at the provider's site that Tableau Server should send authentication requests to.

Redirect URL

Some IdPs will require a redirect URL for your Tableau Server.

You can manually construct the redirect URL for the IdP using the following syntax:

<protocol>://<host>/vizportal/api/web/v1/auth/openIdLogin

For example, https://tableau.example.com/vizportal/api/web/v1/auth/openIdLogin.

Example IdP process

The following procedure provides an outline of the steps that you follow with the provider. As an example, the procedure discusses using Google as a provider. However, each provider has a somewhat different flow, so the specifics of the steps (and their order) might vary depending on your provider.

  1. Register at the provider's developer site and sign in. For example, for Google, you can go to the Developers Console at this URL: https://console.developers.google.com

  2. Create a new project, application, or relying party account.

  3. In the developer dashboard, follow the steps for getting an OAuth 2.0 client ID and client secret. Record these values for later.

    Note: Keep the client secret in a secure place.

  4. On the developer site, find the URL of the endpoint that the IdP uses for OpenID Connect discovery. For example, Google uses the URL https://accounts.google.com/.well-known/openid-configuration. Record this URL for later.

    Alternatively, if your IdP has provided you with a static discovery document, copy that file to a local directory on the Tableau Server for later.
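
A pre-flight check for the discovery document recorded in step 4, as an added example that is not part of the original Tableau documentation: it applies the required-field, https and issuer-matching rules from the OpenID Connect Discovery 1.0 specification before the configuration URL or static file is handed to Tableau Server. The function names, the idp.example.com host and both sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
WELL_KNOWN = "/.well-known/openid-configuration"

def redirect_url(host, protocol="https"):
    """Build the redirect URL from the syntax given in the Redirect URL section."""
    return f"{protocol}://{host}/vizportal/api/web/v1/auth/openIdLogin"

def check_discovery(doc_text, config_url=None):
    """Return a list of problems in a discovery document; an empty list means OK."""
    try:
        doc = json.loads(doc_text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer and every endpoint URL must use https.
    for key, value in doc.items():
        if key == "issuer" or key.endswith(("_endpoint", "_uri")):
            if not isinstance(value, str) or urlsplit(value).scheme != "https":
                problems.append(f"{key} is not an https URL: {value!r}")
    # The issuer must be the prefix of the URL the document is served from.
    issuer = doc.get("issuer")
    if config_url and isinstance(issuer, str):
        if issuer.rstrip("/") + WELL_KNOWN != config_url:
            problems.append(f"issuer {issuer!r} does not match {config_url!r}")
    return problems

# Constructed sample documents for a hypothetical IdP (not real provider data).
GOOD = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
BAD = GOOD.replace("https://idp.example.com/jwks", "http://idp.example.com/jwks")
if __name__ == "__main__":
    url = "https://idp.example.com" + WELL_KNOWN
    print(redirect_url("tableau.example.com"))
    print(check_discovery(GOOD, url), check_discovery(BAD, url))
```

Pass the text of a static discovery file, or the body fetched from the configuration URL, as `doc_text`; omit `config_url` when only a static file is available.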
