I am very new to Tableau and to SAML SSO so please forgive my ignorance . I have experimenting with SAML on Tableau Online and Azure Active Directory. I think I have successfully configured SAML using the instructions in the online help. I am seeing what I call unexpected behavior though.
When logging in using a session initiated at the Tableau Login screen (SP initiated) the following happens:
- I enter the user name for a SAML enabled user which is configured in Tableau Online and also exists in my Azure AD. The password field disappears and I click Sign On
- I get redirected to the IdP at Azure AD, but the user name is not entered in the username field on that page.
- I manually enter the username from above, enter the password and log on to the IDP
- I get redirected to the Tableau Online content
When logging on using a session initiated at Azure (https://account.activedirectory.windowsazure.com/ , IdP initiated), I get the following:
- I enter the user name for a SAML enabled user which is configured in Tableau Online and also exists in my Azure AD
- I enter the password and log on to the IDP
- I get a screen presenting my Apps and click on Tableau Online
- A new browser tab is opened and it goes to the Tableau Online login screen, with no username or password entered in the fields.
- I manually enter the username as I did in the IdP, the password field disappears.
- I click the Sign In button and get redirected to the Tableau Online content
This seems like too many steps involved. I expect the following:
- in the first scenario that the username is passed from Tableau to the IdP, that it is already present in the IdP login screen and only the password needs to be entered
- in the second scenario that I do not need to enter the username in the Tableau Online login screen, but that SAML logs me in automatically and the content is shown
I have seen this behavior in several browsers and computers (Windows Internet Explorer, Safari Mac and Chrome Mac).
The SAML connection test login seems to recognize all claims and assertions correctly.
Do I need to change something in my configuration, or is this behavior By Design?