1 Reply Latest reply on Aug 18, 2016 9:54 AM by Jeff Strauss

    Ways of presenting content for external clients

    Martin Luxhøj

      My question was spun off Jeff Strauss' comment to this How To Use Tableau Sites where he states that he has " 4 sites which are divided between internal employees, external clients, dev_admin (only accessible to admins)" and that "Some of what defines a site for us is the login and security method.  (i.e. external users come in through a portal and starting with Tableau 10 there is some talk that security can be controlled at the site level)".


      So how do you go about presenting content for external clients? Sites for external users? How do you control authorization and authentication (External users in AD or?). Where would you then place the Tableau Server in the network? How do you then go about granting the external users access to the company network? VPN? I'm really curious about this portal that is mentioned.


      I hope that you would like to share how you go about this in your organizations.


      Thank you in advance.



        • 1. Re: Ways of presenting content for external clients
          Jeff Strauss

          There are a few options for enabling access to external clients, some are more involved than others.


          1. Tableau online - This is a Tableau "private cloud" offering that enables SaaS.  More info can be found here:  Tableau Online | Tableau Software


          2. Standup a distinct Tableau cluster in your corporate DMZ environment


          3. What we do, but is quite involved and requires a project to fulfill.  We run a singular H.A. Tableau cluster that is in use by both our internal  workforce and external clients.  It lives within our internal firewall.  I will address external clients at least at a high level at this point.

          - Clients access TS content via an Enterprise Client Access Portal (in the DMZ).  The portal initiates viz requests to render dashboards, these requests flow through HTTPS to a reverse proxy load balancer which then sends the request via the Javascript API requests to TS.  Some info on how to do this can be found here:  Configuring Proxies for Tableau Server

          - The identity security occurs via trusted authentication.  Some info on how to do this can be found here:  Trusted Authentication

          - External clients need to be defined within TS as a valid user that has permissions to the appropriate content.  We have AD integration enabled, so the external clients need to be valid AD users as well.  Clients are part of their own AD domain, there is a 1-way trust established between this AD domain and our internal so that these users can be added.  We use the REST API to add these users

          - The dashboards are common across clients.  We know the client identity that logged into TS via trusted authentication.  Therefore, we are able to filter down using internal filters within the dashboard to be contextual to the specific client.

          - Part of why we use a distinct site is to track usage effectively, and via our proxy setup, we are able to limit requests to come in that have this specific site which is part of the URI