Configure SAML with Salesforce IdP on Tableau Server
This topic provides road-map steps that describe how to configure SAML on Tableau Server with the Salesforce IdP.
This topic also explains how to enable Lightning Web Component (LWC). The LWC allows Salesforce administrators to embed a Tableau visualization within a Lightning page. When SSO is configured for Tableau Viz LWC on Tableau Server, the user experience is seamless: after the user signs into Salesforce, embedded Tableau views will work without further authentication to Tableau Server.
Enable Salesforce as a SAML Identity Provider
If you have not yet configured Salesforce as an IdP, then follow the procedure, Enable Salesforce as a SAML Identity Provider, on the Salesforce Help site.
During the process to enable Salesforce as a SAML IdP, you will either specify a certificate or Salesforce will generate a self-signed certificate for use with SAML. Download this certificate (.crt file) and the associated provider metadata file (.xml). You will need these assets in the next step.
Configure SAML on Tableau Server
Using the certificate and metadata files that you downloaded in the previous step, follow the procedure in Configure Server-Wide SAML.
As part of the configuration process, you will generate a SAML Entity ID and a login URL for Tableau Server. You will need these assets for the next step.
(Optional) After you have configured server-wide SAML, you can configure site-specific SAML on Tableau Server. See Configure Site-Specific SAML.
Add Tableau Server as a Connected App in Salesforce
Follow the procedure, Integrate Service Providers as Connected Apps with SAML 2.0, on the Salesforce Help site.
In this process, you will create a new connected app (Tableau Server). Some important details follow:
- Select "Enable SAML"
- Enter the Entity ID and the login URL that you generated when configuring Tableau in the previous section. By default, the login URL is https://<tableauserver>/wg/saml/SSO/index.html.
- For the IdP certificate, be sure to select the same certificate that you specified or generated when you enabled Salesforce as a SAML provider.
- To allow users to sign in to Tableau Server from your org, manage access to your connected app by assigning the appropriate profiles or permission sets.
Enable Lightning Web Component
To enable LWC for SAML SSO on Tableau Server, you must enable in-frame authentication. Before you enable LWC, upgrade to the latest maintenance release of Tableau Server. Two additional version details are important:
- If you are not running the latest maintenance release, and your users are running Chrome browsers to access Salesforce Lightning, then review the Tableau KB article, Embedded Views Fail to Load After Updating to Chrome 80.
- If you are using LWC with site-specific SAML on Tableau Server, then you must be running Tableau Server 2020.4 or later.
After you have configured SAML on Tableau Server, run the following TSM commands to enable in-frame authentication:
tsm configuration set -k wgserver.saml.iframed_idp.enabled -v true
tsm pending-changes apply
Embed Tableau Views into Salesforce
After you have configured Tableau Server for SSO, you can then install the LWC in your Salesforce org and embed Tableau views. See Embed Tableau Views into Salesforce.