Update SAML Certificate
After you have configured SAML authentication, you may need to periodically update the certificate. In some cases, you may need to change the certificate for operational changes in your IT environment. In either case, you must use TSM or the Site Authentication page to update the SAML certificate that has already been configured.
Below are the steps to update the certificate and key files for server-wide and site-specific SAML implementations.
Update certificate for server-wide SAML
To change or update the certificate (and the corresponding key file if required) for server-wide SAML, follow the steps below:
Open TSM in a browser:
https://<tsm-computer-name>:8850. For more information, see Sign in to Tableau Services Manager Web UI.
Stop Tableau Server.
You can do this either from the TSM web UI, by clicking Tableau Server is running, and selecting Stop Tableau Server, or from the command line, using the
tsm stop
command.On the Configuration tab, select User Identity & Access, and then select the Authentication Method tab.
For Authentication Method, select SAML.
Complete Step 1 - Step 4 in the GUI to update the SAML certificate file and exchange metadata between Tableau Server and your IdP.
Click Save Pending Changes after you've entered your configuration information.
Click Pending Changes at the top of the page:
Click Apply Changes and Restart.
After you change the certificate, you must run tsm pending-changes apply
to restart Tableau Server services. We also recommend restarting any other services on the computer that use the SAML certificate. If you are changing a root certificate on the operating system, you must reboot the computer.
The certificate used for Tableau site metadata is provided by Tableau and not configurable. To update the certificate for
Sign in to the site as a server or site administrator, and select Settings > Authentication.
Under Authentication types, select Edit connection to expand.
Open a new tab or window, and sign in to your IdP account.
Use the instructions provided by the IdP’s documentation to upload a new SAML certificate.
Download the new XML metadata file to provide to Tableau Server.
Return to the Authentication page in Tableau Server, and in Step 4 of the UI, import the metadata file that you downloaded from the IdP.
Click the Apply button.