Add Trusted IP Addresses or Host Names to Tableau Server

The first step in setting up trusted authentication is to configure Tableau Server to recognize and trust requests from one or more web servers:

  1. Open TSM in a browser:

    https://<server_name>:8850. For more information, see Sign in to Tableau Services Manager Web UI.

  2. Click User Identity & Access on the Configuration tab and then click Trusted Authentication.

  3. Under Trusted Authentication, for each trusted host, enter the name or IP address and then click Add:

    Notes:
    The values you specify completely overwrite any previous setting. Therefore, you must include the full list of hosts if you want to amend an existing list.

    Static IP addresses are required: The web servers you specify must use static IP addresses, even if you use host names.

    If you have one or more proxy servers between the computer that is requesting the trusted ticket (one of those configured in Step 2 as shown at Trusted Authentication) and Tableau Server, you also need to add them as trusted gateways using the tsm configuration set gateway.trusted option. See Configuring Proxies and Load Balancers for Tableau Server for steps.

  4. Enter a value in Token Length (Optional).

    The token length determines the number of characters in each trusted ticket. The default setting of 24 characters provides 144 bits of randomness. The value can be set to any integer between 9 and 255, inclusive.

  5. Click Save Pending Changes after you've entered your configuration information.

  6. Click Pending Changes at the top of the page.

  7. Click Apply Changes and Restart.

To configure the same settings from the TSM command line instead:

  1. Enter the following command:

    tsm authentication trusted configure -th <trusted IP address or host name>

    In the command above, <trusted IP address or host name> should be a comma-separated list of the IPv4 addresses or host names of your web server(s), with each host name or IP address in quotes.

    Note:  The values you specify completely overwrite any previous setting. Therefore, you must include the full list of hosts in the tsm authentication trusted configure -th command. (You cannot amend the list of hosts by running the tsm authentication trusted configure -th command repeatedly.)

    For example:

    tsm authentication trusted configure -th "192.168.1.101", "192.168.1.102", "192.168.1.103" 

    or

    tsm authentication trusted configure -th "webserv1", "webserv2", "webserv3" 

    Notes:
    Each host name or IP address in the list must be enclosed in double quotes, and the entries must be separated by a comma followed by one space.
    The web servers you specify must use static IP addresses, even if you use host names.

  2. If you have one or more proxy servers between the computer that is requesting the trusted ticket (one of those configured in Step 2 as shown at Trusted Authentication) and Tableau Server, you also need to add them as trusted gateways using the tsm configuration set gateway.trusted option. See Configuring Proxies and Load Balancers for Tableau Server for steps.

  3. Type the following command to save the changes to all the server configuration files:

    tsm pending-changes apply

    If the pending changes require a server restart, the pending-changes apply command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the --ignore-prompt option, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.

    There are other optional trusted authentication configurations (legacy support, logging, and timeout settings) that you can make by passing a json file to Tableau Server. See trustedAuthenticationSettings Entity.
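
Because -th replaces the stored list rather than appending to it, the complete list has to be assembled before the command is run. The following is an added example, not part of Tableau's documentation: it merges the currently trusted hosts with new ones, rejects entries that are not a single IPv4 address or host name (CIDR ranges, wildcards, IPv6), and renders the command in the format shown above. The function names and sample host lists are assumptions made for illustration, and the current list is assumed to be supplied by the operator.

```python
import ipaddress
import re

# Host name label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_trusted_host(entry):
    """Accept one dotted-quad IPv4 address or a host name; nothing broader."""
    try:
        ipaddress.IPv4Address(entry)
        return True
    except ValueError:
        pass
    labels = entry.split(".")
    # An all-numeric last label means a malformed IPv4 address, not a host name.
    if labels[-1].isdigit():
        return False
    return len(entry) <= 253 and all(_LABEL.fullmatch(l) for l in labels)

def merge_trusted_hosts(current, additions):
    """Return the complete, de-duplicated list to pass to -th (order preserved)."""
    merged = []
    for host in list(current) + list(additions):
        host = host.strip()
        if not is_valid_trusted_host(host):
            raise ValueError(f"not an IPv4 address or host name: {host!r}")
        if host.lower() not in (h.lower() for h in merged):
            merged.append(host)
    if not merged:
        raise ValueError("refusing to render an empty trusted host list")
    return merged

def render_configure_command(hosts):
    """Render the command in the page's format: quoted items, comma plus one space."""
    quoted = ", ".join(f'"{h}"' for h in hosts)
    return f"tsm authentication trusted configure -th {quoted}"

def dropped_if_not_merged(current, additions):
    """Hosts that would lose trust if only `additions` were passed to -th."""
    new = {a.strip().lower() for a in additions}
    return [h for h in current if h.strip().lower() not in new]

if __name__ == "__main__":
    # Constructed sample values, reusing the example addresses from this page.
    current = ["192.168.1.101", "192.168.1.102"]
    additions = ["192.168.1.103", "webserv1"]
    print("Dropped without merging:", dropped_if_not_merged(current, additions))
    print(render_configure_command(merge_trusted_hosts(current, additions)))
```
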

Next, you need to configure your web server to receive tickets from Tableau Server.
