1 Reply Latest reply on Sep 14, 2016 4:17 PM by Robin Cottiss

    Tableau view automatic login with Okta/SAML in embed mode


      We are using Tableau Server 10 and we've enabled SAML using Okta on the Tableau server. In our custom web application UI, when we load a tableau url using the JS API in embed mode, in the browser iFrame we see the Tableau sign-in page with "Sign in to Tableau Server" button, but it does not automatically re-direct to the Okta login page. When we click on the "Sign in to Tableau Server" button, then a pop-up opens and we see the Okta login page within the pop-up.


      1) How can we get the Tableau server automatically re-direct to Okta login page?

      2) If the user is already authenticated by the custom web application using Okta, then when we load the Tableau view URL in embed mode in one of our application pages, can Tableau use the Okta user session that is already created and not challenge the user again with a login page?


      const options = {

         hideTabs: true,

         width: "100%",

         height: "100%"


      new tableau.Viz(document.getElementById("vizContainer"), "https://host/t/site1/views/DashboardSummary/Dashboard1?:iid=1&:showVizHome=no ", options)

        • 1. Re: Tableau view automatic login with Okta/SAML in embed mode
          Robin Cottiss

          Hello Ravi,


          Most of our customers go the 2) route and make sure that the user is authenticated to your external IdP before trying to access an embedded view. This provides a much better user experience. Once you do that you can configure Tableau Server so that it does not show the Orange login button (it will without the setting change)


          Please see this documentation Using Clickjacking Protection in Tableau Server | Tableau Software


          The key configuration setting on Tableau Server is:


               tabadmin set wgserver.saml.iframed_idp.enabled true


          When this is enabled and you have already authenticated to the Idp then Tableau will authenticate transparently to the Idp and show the view without a login prompt from Okta.


          Thanks Robin

          1 of 1 people found this helpful