Configure the Identity Provider for OpenID Connect
This topic provides information about configuring an identity provider (IdP) to use OpenID Connect (OIDC) with Tableau Server. This is one step in a multi-step process. The following topics provide information about configuring and using OIDC with Tableau.
- OpenID Connect Overview
- Configure the Identity Provider for OpenID Connect (you are here)
Before you can use OpenID Connect with Tableau Server, you must have an account with an identity provider (IdP) and a project or application with the IdP. When you configure Tableau Server, you will need to be able to provide the following information:
- Client ID: This is the identifier that the IdP assigned to your application.
- Client secret: This is a token that is used by Tableau to verify the authenticity of the response from the IdP. This value is a secret and should be kept securely.
- Configuration URL: This is the URL at the provider's site that Tableau Server should send authentication requests to.
Redirect URL
Some IdPs will require a redirect URL for
You can manually construct your URL for the IdP using the following syntax:
<protocol>://<host>/vizportal/api/web/v1/auth/openIdLogin
For example, https://tableau.example.com/vizportal/api/web/v1/auth/openIdLogin.
Signing algorithm
Tableau Cloud supports RS256 (RSA using SHA-256).
Example IdP process
The following procedure provides an outline of the steps that you follow with the provider. As an example, the procedure discusses using
- Register at the provider's developer site and sign in. For example, for Google, you can go to the Developers Console at this URL: https://console.developers.google.com
- Create a new project, application, or relying party account.
- In the developer dashboard, follow the steps for getting an OAuth 2.0 client ID and client secret. Record these values for later.
  Note: Keep the client secret in a secure place.
- On the developer site, find the URL of the endpoint that the IdP uses for OpenID Connect discovery. For example, Google uses the URL https://accounts.google.com/.well-known/openid-configuration. Record this URL for later.
  Alternatively, if your IdP has provided you with a static discovery document, copy that file to a local directory on the Tableau Server for later.
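A pre-flight check you can run on the discovery document before entering the values in Tableau Server, shown here as an added example (it is not Tableau's code). It builds the redirect URL from the syntax above and verifies that the document's issuer matches the configuration URL, that its endpoints use HTTPS, and that RS256 is advertised. The function names and the idp.example.com sample documents are constructed for illustration; the field names come from the OpenID Connect Discovery specification.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED = ENDPOINTS + ("id_token_signing_alg_values_supported",)

def build_redirect_url(protocol, host):
    """Build the redirect URL using the syntax given on this page."""
    return f"{protocol}://{host}/vizportal/api/web/v1/auth/openIdLogin"

def check_discovery(doc, config_url):
    """Return a list of problems found in an OIDC discovery document."""
    problems = [f"missing field: {key}" for key in REQUIRED if key not in doc]
    # OIDC Discovery: the issuer must be the configuration URL minus the
    # well-known suffix (a trailing slash on the issuer is tolerated here).
    if not config_url.endswith(WELL_KNOWN):
        problems.append(f"configuration URL does not end in {WELL_KNOWN}")
    elif str(doc.get("issuer", "")).rstrip("/") != config_url[:-len(WELL_KNOWN)]:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    # Plain HTTP would expose credentials and tokens in transit.
    for key in ENDPOINTS:
        if key in doc and urlsplit(str(doc[key])).scheme != "https":
            problems.append(f"{key} is not https: {doc[key]}")
    # This page lists RS256 as the supported signing algorithm.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not advertised for ID token signing")
    return problems

# Constructed sample input (not captured from a real IdP).
CONFIG_URL = "https://idp.example.com/.well-known/openid-configuration"
GOOD_DOC = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/token",
  "jwks_uri": "https://idp.example.com/jwks",
  "id_token_signing_alg_values_supported": ["RS256"]
}""")
BAD_DOC = dict(GOOD_DOC, issuer="http://idp.example.com",
               id_token_signing_alg_values_supported=["HS256"])

if __name__ == "__main__":
    print(build_redirect_url("https", "tableau.example.com"))
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(doc, CONFIG_URL) or "OK")
```

For a static discovery document, load the copied file with json.load and pass the configuration URL your IdP documents for it.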