Update SAML Certificate

After you have configured SAML authentication, you may need to periodically update the certificate. In some cases, you may need to change the certificate because of operational changes in your IT environment. In either case, you must use TSM or the Site Authentication page to update the SAML certificate that has already been configured.

Below are the steps to update the certificate and key files for server-wide and site-specific SAML implementations.

Update certificate for server-wide SAML

To change or update the certificate (and the corresponding key file if required) for server-wide SAML, follow the steps below:

  1. Open TSM in a browser:

    https://<tsm-computer-name>:8850. For more information, see Sign in to Tableau Services Manager Web UI.

  2. Stop Tableau Server.

    You can do this either from the TSM web UI, by clicking Tableau Server is running, and selecting Stop Tableau Server, or from the command line, using the tsm stop command.

  3. On the Configuration tab, select User Identity & Access, and then select the Authentication Method tab.

  4. For Authentication Method, select SAML.

  5. Complete Step 1 through Step 4 in the GUI to update the SAML certificate file and exchange metadata between Tableau Server and your IdP.

  6. Click Save Pending Changes after you've entered your configuration information.

  7. Click Pending Changes at the top of the page.

  8. Click Apply Changes and Restart.

After you change the certificate, you must run tsm pending-changes apply to restart Tableau Server services. We also recommend restarting any other services on the computer that use the SAML certificate. If you are changing a root certificate on the operating system, you must reboot the computer.

Update certificate for site-specific SAML

The certificate used for Tableau site metadata is provided by Tableau and not configurable. To update the certificate for site-specific SAML, you must upload a new certificate to your IdP and re-exchange the metadata with Tableau Server.

  1. Sign in to the site as a server or site administrator, and select Settings > Authentication.

  2. Under Authentication types, select Edit connection to expand the Authentication GUI.

  3. Open a new tab or window, and sign in to your IdP account.

  4. Use the instructions provided by the IdP’s documentation to upload a new SAML certificate.

  5. Download the new XML metadata file to provide to Tableau Server.

  6. Return to the Authentication page in Tableau Server, and in Step 4 of the GUI, import the metadata file that you downloaded from the IdP.

  7. Click Save after you've updated your configuration information.
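
A check to run between steps 5 and 6, added here as an example and not part of the Tableau documentation: it confirms that the metadata file downloaded from the IdP already carries the new signing certificate before you import it. The certificate bytes, entity ID and function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def pem_to_der(pem):
    """Decode a PEM certificate to its DER bytes (armor lines dropped)."""
    lines = (ln.strip() for ln in pem.splitlines())
    return base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))

def signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints of every IdP signing certificate in the metadata."""
    root = ET.fromstring(metadata_xml)
    fps = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute serves signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fps.append(hashlib.sha256(der).hexdigest())
    return fps

def check_metadata(metadata_xml, new_cert_pem):
    """Report whether the new certificate is present and which others remain."""
    expected = hashlib.sha256(pem_to_der(new_cert_pem)).hexdigest()
    found = signing_fingerprints(metadata_xml)
    return {"new_cert_present": expected in found,
            "other_signing_certs": [fp for fp in found if fp != expected]}

# Constructed sample data: placeholder bytes stand in for DER certificates,
# since the comparison only hashes the raw bytes.
OLD_DER, NEW_DER = b"constructed-old-certificate", b"constructed-new-certificate"
def _b64(der):
    return base64.b64encode(der).decode()
NEW_CERT_PEM = f"-----BEGIN CERTIFICATE-----\n{_b64(NEW_DER)}\n-----END CERTIFICATE-----\n"

def _metadata(*ders):
    keys = "".join(
        f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{_b64(d)}</ds:X509Certificate>"
        f"</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>" for d in ders)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://idp.example.test"><md:IDPSSODescriptor>{keys}'
            f"</md:IDPSSODescriptor></md:EntityDescriptor>")

STALE_METADATA = _metadata(OLD_DER)              # downloaded before the IdP switched
ROLLOVER_METADATA = _metadata(OLD_DER, NEW_DER)  # IdP publishes both certificates
```

Call `check_metadata` with the contents of the downloaded metadata file and the PEM certificate you uploaded to the IdP. If `new_cert_present` is false, the file predates the certificate change and should be downloaded again before importing.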
