3 Replies Latest reply on Dec 7, 2017 9:07 AM by Timo Tautenhahn

    OpenID Connect Many-to-One User Mapping

    Nagendra Siravara

      Hi all,

       

      My goal is to allow multiple guest users to view embedded views on a website.

      Guest User seems to be the solution, but seems like it is only available for core-based license (I have user-based license).

       

      Currently I have configured OpenID on Tableau server to work with our own IdP, using default "email" as the claim when user signs in for the first time.

      I'm thinking that mapping multiple IdP users to one Tableau user could reach my goal, but I am not sure if this is even doable?

       

      Based on this documentation, I can create a custom claim "role" to map users in the first sign-in session.

      After Tableau identifies the user with "role" claim, Tableau will then update that user's record with the "sub"claim from OpenID, where "sub" claim will be used in the following sign-in sessions.

       

      Let's say I have two IdP users and one Tableau user as below, how will the Tableau user's record look like after user1 and user2 both signed in for the first time?

       

      IdP user 1

      "sub": "user1",

      "email" : "user1@tableau.com",

      "role": "guest"

       

      IdP user 2

      "sub": "user2",

      "email" : "user2@tableau.com",

      "role": "guest"

       

      Tableau user

      Username: "guest"

       

      Is many-to-one mapping possible in this case? Or do you suggest other ways to simulate Guest User access?

      Any help is appreciated.

       

      Thank you.