5 Replies Latest reply on Apr 9, 2018 7:00 AM by Mark Holtz

    Active Directory Authentication - Multiple Domains

    John Cantu

      I came across some documentation on the Tableau website regarding multiple domains:

      If you are adding a user that is from the same Active Directory domain that the server is running on, you can just type the user name. In addition, if there is a two-way trust set up between the domain the server is using and another domain, you can add users from both domains. The first time you add users from a different domain than the one the server is using you need to include the FQDN with the username. For example, domain.lan\username or username@domain.lan. Any subsequent users can be added using the domain's nickname.

       

      If I am understanding it correctly, then Tableau Server provides the ability to authenticate users from different domains while it is configured to active directory authentication on a single domain. So even though the configuration points to one domain, I can still add users from different domains?

       

      Is this true?

      Has anyone utilized this capability?

      And how would I determine if a two-way trust is set up between the domain the server is using and another domain? Does this require an add to the trusted authentication process?

       

       

      Any feedback is appreciated!

        • 1. Re: Active Directory Authentication - Multiple Domains
          Thom Gourley

          Hi John,

           

          At this late date, I'm figuring that you have either found the answer or given up.  ;-)

           

          I am in the middle of trying to make this work, i.e. adding users or groups from another domain with a two-way trust with Tableau's domain, but I'm not able to make it work.  I'm going to start a new thread on this topic to see if I can get any advice from other admins out there, because Tableau support is very, very slow right now.

           

          Thom

          • 2. Re: Active Directory Authentication - Multiple Domains
            Toby Erkson

            Thom, please include a link here pointing to your new thread.

             

            I'm a neophyte server admin but regarding the first paragraph by John, yes, that does work as I have successfully done it twice.

            • 3. Re: Active Directory Authentication - Multiple Domains
              viraj gholap

              Hi John,

               

              "If I am understanding it correctly, then Tableau Server provides the ability to authenticate users from different domains while it is configured to active directory authentication on a single domain. So even though the configuration points to one domain, I can still add users from different domains?"

               

              Answer is Yes. It is possible and we have done that. After adding the first user, Tableau will be pointing to the first domain, A. Now if you want to add a user from domain B, you need to provide the fully qualified name of the user, e.g. user1@B

               

              It worked for us. Hope it helps!

               

              Viraj

              • 4. Re: Active Directory Authentication - Multiple Domains
                Mike Connery

                Hi Toby,

                 

                I know this is an ancient thread - but I'm having trouble finding clear information in the Tableau Documentation, or on the forums for exactly how to implement this, so I'm hoping you can point me in the right direction since you mentioned that you have successfully done this. 

                I have set up a Tableau Server with Active Directory authentication, configured on the same domain as the Windows host server.  I need to add users from a second domain - my question is:  How do I actually add the second domain? 

                • On the 'General' tab of the Tableau Server Configuration Utility there is only a single box each for 'Domain' and then 'Nickname'. I have the primary domain information entered here, and I have been able to successfully add users from this domain.
                • In tabcmd, when I run 'listdomains' it shows the 'localhost' and then the primary domain.
                • The 'edit domain' command only seems to be for editing existing domains.  I don't see any spot to add another domain.

                 

                I've read through the articles linked below, but none of them seem to spell out where you actually enter or add an additional domain.  The KB articles briefly mention using the FQDN for the additional domain the first time you add a user from there, but I have not had any success with that either.  It seems like I'm missing some piece of the puzzle here.  Any help would be appreciated.

                 

                Thanks!

                 

                Domain Trust Requirements

                User Management in Active Directory Deployments

                 

                 

                 

                Tamas Foldi  -  maybe this is a question you could help with?

                • 5. Re: Active Directory Authentication - Multiple Domains
                  Mark Holtz

                  Hi Mike,

                   

                  I was doing some research online to see if it is still not possible to mix authentication using a blend of AD accounts and native-Tableau user accounts. Looks like not.

                  But I came across your inquiry and it doesn't appear to be answered. This is certainly outside my area of expertise--I'm predominantly a Tableau Developer and I only dabble in Tableau Server Administration.

                  Hopefully you aren't still in the dark on this, but I figured I'd comment for posterity.

                   

                  That said, your network/IT team would first need to establish two-way trust with a new domain and the domain hosting Tableau Server. Only then will Tableau Server be able to "see" the other domain. We frequently acquire other companies and live through this all the time. We have about 6 domains that are "friendly" and others that aren't yet--which means we can't add AD users from those domains to Tableau Server yet.

                   

                  Are you sure two-way trust has been established between the domains? If it has been, you should be able to just add the Fully Qualified Domain Name\username via tabcmd, the console on Tableau Server, or via the Tableau Server web interface.

                  Hope that helps.
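
On the question raised in this thread of how to tell whether a two-way trust exists between the server's domain and a second domain, here is an added example (not posted by anyone in the thread and not Tableau tooling) that checks the trust direction with the ActiveDirectory module's Get-ADTrust. The function name and both domain names are hypothetical placeholders.

```powershell
# Added example, not from the thread. Needs the RSAT ActiveDirectory module.
# Both domain names used at the bottom are placeholders.
Import-Module ActiveDirectory

function Test-TwoWayTrust {
    param(
        # Domain Tableau Server authenticates against.
        [Parameter(Mandatory)] [string] $ServerDomain,
        # Domain the additional users belong to.
        [Parameter(Mandatory)] [string] $UserDomain
    )

    # Trust objects stored in the server's domain; match on the partner name.
    $trust = Get-ADTrust -Filter * -Server $ServerDomain |
        Where-Object { $_.Target -eq $UserDomain }

    if (-not $trust) {
        # No direct trust object. A transitive path (same forest, or a forest
        # trust between the forest roots) is still possible, so this reports
        # "no direct trust found" rather than "not trusted".
        return [pscustomobject]@{
            UserDomain              = $UserDomain
            Direction               = 'NoDirectTrust'
            TwoWay                  = $false
            SelectiveAuthentication = $null
        }
    }

    [pscustomobject]@{
        UserDomain              = $trust.Target
        # Direction is Inbound, Outbound or BiDirectional.
        Direction               = $trust.Direction
        TwoWay                  = ($trust.Direction -eq 'BiDirectional')
        # With selective authentication, users from the other domain also need
        # "Allowed to authenticate" on the hosts they sign in to.
        SelectiveAuthentication = $trust.SelectiveAuthentication
    }
}

Test-TwoWayTrust -ServerDomain 'corp.example.lan' -UserDomain 'other.example.lan'
```

A result with TwoWay set to False and Direction set to Inbound or Outbound means a one-way trust, which does not meet the two-way requirement described in the posts above.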