7 Replies Latest reply on Jun 9, 2015 3:56 PM by Heather Carter

    Authentication with Tableau and AD

    Giancarlos Escalante

      Tableau online only states the following for authentication with AD "Tableau passes them to the AD server" as “We understand how credentials go from the user to the tableau Server.  But, what we need help understand is how the tableau Server verifies those credentials with active directory.“?

        • 1. Re: Authentication with Tableau and AD

          Hey Giancarlos,

           

          I'm not sure I totally understand the question but here is what I know:

           

          Tableau Server does not store any passwords for users synced through Active Directory. Instead, Tableau Server reaches out to the Active Directory domain for authentication whenever a user needs to log in. Active Directory will confirm or reject a user's credentials which then tells Tableau Server if it's okay to proceed.

           

          I hope this answers your question,

           

          -Diego

          1 of 1 people found this helpful
          • 2. Re: Authentication with Tableau and AD
            Giancarlos Escalante

            Thanks for your response. I've also found the following:

             

            Tableau

            Enable automatic logon, which uses Microsoft SSPI to automatically sign in your users based on their Windows username and password.Enable automatic logon, which uses Microsoft SSPI to automatically sign in your users based on their Windows username and password.

            • 3. Re: Authentication with Tableau and AD
              Heather Carter

              Has anyone had the "Enable automatic logon" work?  I have a environment where I must install Tableau Server in another domain from where the AD users are; but there is a trust relationship defined between the two AD domains.

              The auto logon doesn't seem to work.

              • 4. Re: Authentication with Tableau and AD
                Justin D'Cruze

                Haven't had too many issues with Automatic Logon turned on.

                 

                In situations where you have the user logging in from multiple (trusted) domains, only the domain\account logon which has been defined for the user within Tableau Server will work.

                For access from the other domain to work, the user can login manually with their (1st domain) credentials or you'll need to add the 2nd domain\account on Tableau Server as well. Note that this will create another separate user profile for that person, which probably isn't what you want.

                • 5. Re: Authentication with Tableau and AD
                  Heather Carter

                  Justin

                   

                  Let me make sure I understand.  I'm not sure you got the complete scenario:


                  In DomainA I have Tableau Server installed because I must have it as a separate island.  My users are all defined in DomainB that will log in.   DomainA and DomainB have a trust relationship.    I have set up Tableau Server (in DomainA) set up to get user/groups from DomainB. Even with "Enable Automatic Logon" checked a user in DomainB attempting to access the Tableau Server URL is eventually presented with a login page (it seems like it times out).  If the DomainB user enters the credentials they log in fine.  I was expecting that the DomainB user would not have to log in to Tableau Server-that the SSPI would work fine because of the trust relationship.

                  • 6. Re: Authentication with Tableau and AD
                    Justin D'Cruze

                    Interesting, you may want to run that one via Tableau Support.

                    I would actually expect that to work with automatic logon.

                    • 7. Re: Authentication with Tableau and AD
                      Heather Carter

                      I put in a ticket with Tableau Support.  Tableau Server has not been tested in the domain configuration I have to work in where our server is in a separate trusted domain from the users.  Domain A has the users.  Domain B has my servers and the Tableau Server.  Domain A trusts Domain B.  

                       

                      They added this as a feature request and closed the ticket.