Configure SAML with Salesforce IdP on Tableau Server

This topic provides road-map steps that describe how to configure SAML on Tableau Server with the Salesforce IdP.

This topic also explains how to enable Lightning Web Component (LWC). The LWC allows Salesforce administrators to embed a Tableau visualization within a Lightning page. When SSO is configured for Tableau Viz LWC on Tableau Server, the user experience is seamless: after the user signs into Salesforce, embedded Tableau views will work without further authentication to Tableau Server.

Enable Salesforce as a SAML Identity Provider

If you have not yet configured Salesforce as an IdP, follow the procedure Enable Salesforce as a SAML Identity Provider on the Salesforce Help site.

During the process to enable Salesforce as a SAML IdP, you will either specify a certificate or Salesforce will generate a self-signed certificate for use with SAML. Download this certificate (.crt file) and the associated provider metadata file (.xml). You will need these assets in the next step.

Configure SAML on Tableau Server

Using the certificate and metadata files that you downloaded in the previous step, follow the procedure in Configure Server-Wide SAML.

As part of the configuration process, you will generate a SAML Entity ID and a login URL for Tableau Server. You will need these assets for the next step.

(Optional) After you have configured server-wide SAML, you can configure site-specific SAML on Tableau Server. See Configure Site-Specific SAML.

Add Tableau Server as a Connected App in Salesforce

Follow the procedure Integrate Service Providers as Connected Apps with SAML 2.0 on the Salesforce Help site.

In this process, you will create a new connected app (Tableau Server). Some important details follow:

  • Select "Enable SAML"
  • Enter the Entity ID and the login URL that you generated when configuring Tableau in the previous section. By default, the login URL is https://<tableauserver>/wg/saml/SSO/index.html.
  • For the IdP certificate, be sure to select the same certificate that you specified or generated when you enabled Salesforce as a SAML provider.
  • To allow users to sign in to Tableau Server from your org, manage access to your connected app by assigning the appropriate profiles or permission sets.
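
One way to confirm that the downloaded .crt file is the same certificate that the Salesforce metadata file advertises for signing is to compare SHA-256 fingerprints. This is an added example, not code from Tableau or Salesforce; the function names, the placeholder bytes, and the idp.example.invalid entity ID are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def crt_to_der(crt_bytes: bytes) -> bytes:
    """Return DER bytes from a .crt file that may be PEM or already DER."""
    m = PEM_RE.search(crt_bytes)
    return base64.b64decode(m.group(1)) if m else crt_bytes

def metadata_signing_certs(metadata_xml: bytes) -> list:
    """DER bytes of each signing certificate in the IdP metadata."""
    root = ET.fromstring(metadata_xml)  # parse only metadata from your own org
    certs = []
    for idp in root.iter(MD + "IDPSSODescriptor"):
        for kd in idp.iter(MD + "KeyDescriptor"):
            # A KeyDescriptor without "use" applies to signing and encryption.
            if kd.get("use", "signing") != "signing":
                continue
            for node in kd.iter(DS + "X509Certificate"):
                certs.append(base64.b64decode(node.text or ""))
    return certs

def same_certificate(metadata_xml: bytes, crt_bytes: bytes) -> dict:
    """Compare SHA-256 fingerprints of the .crt file and the metadata certs."""
    crt_fp = hashlib.sha256(crt_to_der(crt_bytes)).hexdigest()
    md_fps = [hashlib.sha256(c).hexdigest() for c in metadata_signing_certs(metadata_xml)]
    return {"crt_sha256": crt_fp, "metadata_sha256": md_fps, "match": crt_fp in md_fps}

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER).decode()
SAMPLE_CRT = ("-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64 + "-----END CERTIFICATE-----\n").encode()
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.invalid">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + SAMPLE_B64 + '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>'
).encode()

if __name__ == "__main__":
    print(same_certificate(SAMPLE_METADATA, SAMPLE_CRT))
```

With real files, pass the bytes of the downloaded .xml and .crt to same_certificate; a result with match set to False means the certificate on hand is not the one listed in the metadata.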

Enable Lightning Web Component

To enable LWC for SAML SSO on Tableau Server, you must enable in-frame authentication. Before you enable LWC, upgrade to the latest maintenance release of Tableau Server. Two additional version details are important:

After you have configured SAML on Tableau Server, run the following TSM commands to enable in-frame authentication:

tsm configuration set -k wgserver.saml.iframed_idp.enabled -v true

tsm pending-changes apply

Embed Tableau Views into Salesforce

After you have configured Tableau Server for SSO, you can then install the LWC in your Salesforce org and embed Tableau views. See Embed Tableau Views into Salesforce.
