It's a really interesting question, but I have no realistic answer as I haven't encountered this one yet. As far as I know, all users need to be defined within the local Tableau repository, but perhaps SAML or upcoming Kerberos feature will change this.
Yeah, from all the reading I've done on SAML suggests that this setup isn't possible if the users haven't been pre-created in in our local Active Directory setup prior. Next step is to see if a one-way trust relationship between ADs is possible, or if I'm going to run into the same problem as well....
It appears this is possible to add users to tableau server from different AD domains.
The below KB states the steps to add a user from AD to tableau server. There is a note in the very end that states that users from different AD domain could be added to tableau server if there is a two-way trust between the domains.
So this does seem achievable but how the two-way trust can be established could be best answered by a Network administrator.
Hope this helps.
Yes, see Shafi's link, very bottom of the page. That's what I have to do if a user is not in our domain (AMERICAS\...) that the Server is running on (EMEA\..., APAC\..., etc.)