3 of 3 people found this helpful
If there is no two-way trust between the Tableau Server domain and the domains of the users, then yes: you will need to use local authentication to add users. Importing them from Active directory will not work. If you would like to import them via Active Directory, a two-way trust would need to be established between the Tableau Server domain and the domains of the AD users.
The rest of my answer will assume that establishing a two-way trust is not possible in your scenario.
- RE: local auth. Since you do not have two-way trust between domains you will need to use Local Authentication. I would advise using domain\username or username@domain for the usernames to avoid collisions (for example, jsmith@domain instead of jsmith). It is crucial to note that the IdP must send both the domain and username for a user in this case (as the username attribute), and these must match the user exactly in Tableau Server. These can be sent either as domain\username or username@domain.
- RE: Manual adding of users. It is possible to script the add users command either through the tabcmd utility or through the REST API. This would require scripting knowledge from your IT team. Otherwise yes, you would need to manually add these users. Here are the reference guides for scripting the Tableau Server add users command:
- RE: authorization. Only users added to the Tableau Server itself will be able to access content (workbooks, views, data sources). In other words, if the user has an account on your SAML IdP but has not been added as a user on Tableau Server they will not be able to access Tableau Server.
- RE: password storage in Tableau Server. When creating a local user in Tableau Server you must specify a password. However, since you are using SAML the password stored on Tableau Server will not be used. Your SAML IdP will validate the users password.
I hope this helps!
is there any way to add a local user with AD still being enabled?
1 of 1 people found this helpful
Currently mixed mode authentication (local and AD auth) is not supported in Tableau Server. There is an ideas forum on this topic though - please vote it up if you would like to see this functionality built in!
Changing the authentication mode from Active Directory to Local involves re-installing the Tableau Server. The full instructions can be found here:
Hope that helps!