Was this page helpful?
Yes No

Configure SAML with Azure Active Directory

If you’ve configured Microsoft Azure Active Directory (Azure AD) as your SAML identity provider (IdP), use the information in this topic alongside the Azure AD documentation to add Tableau Online to your single sign-on applications. Completing the steps in this topic requires Azure AD Premium edition.

Note: These steps reflect a third-party application and are subject to change without our knowledge. If the steps described here do not match the screens you see in your IdP account, you can use the general SAML configuration steps, along with the IdP’s documentation.

Open the Tableau Online SAML settings

To use Azure AD with Tableau Online, you configure a custom application in the Azure AD management portal. For this you’ll need to use information from the Tableau Online SAML settings.

  1. Sign in to your Tableau Online site as a site administrator, and select Settings > Authentication.

  2. On the Authentication tab, select Enable an additional authentication method, select SAML, and then select Edit connection.

    Screen shot of Tableau Online site authentication settings page

Add Tableau Online to your Azure AD applications

Taking information from the Tableau Online SAML settings page, complete the steps in the following Microsoft Azure article:

Configuring single sign-on to applications that are not in the Azure Active Directory application gallery.

Use the following table and list for specific values and settings.

For this setting in page 2, Configure App Settings… …paste this value from the Tableau Online SAML settings
Identifier The URL specified for the entity ID in step 1.
Reply URL The Assertion Consumer Service URL in step 1.
Check box settings labeled optional Clear both check boxes

Page 3 of the Azure single sign-on configuration is titled Configure single sign-on at Tableau Online. On this page, do the following:

  1. Under step 1, download the certificate file.

  2. Back in the Tableau Online settings, import the certificate file where indicated in step 4, and click Apply.

In the Azure AD configuration, you can ignore step 2, Configure the certificate and values…

Match assertions

For step 5 of the Tableau Online SAML settings, you need to change text box values in the Identity Provider (IdP) Assertion Name column to show the attributes that Azure AD provides.

  1. In the Azure AD management portal, navigate to the Applications tab.

  2. Select the Tableau Online application and then select the Attributes tab.

    You will plug some of the attributes shown here into the Tableau Online SAML settings.

  3. In the Azure AD portal, copy the attribute name given for the email address, and then in the Identity Provider (IdP) Assertion Name column in Tableau Online, paste it into the text box for Email.

    • If all accounts you’re giving access to are sourced from Microsoft accounts :this will be http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

    • If all accounts are sourced from Microsoft Azure Active Directory, use the following value:

      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.

    • If you have a mix of account types, you might need to define a special attribute for all users, and use it instead.

  4. Repeat the above step for First name and Last name, or for Full name. These are

    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

    • http://schemas.microsoft.com/identity/claims/displayname

  5. Click Apply.

Add users to the SAML-enabled Tableau site

After you complete the Azure AD configuration steps, continue to the Microsoft Azure steps for assigning users to the SAML application.

Then return to your Tableau Online site and complete step 6 to add users.