5 Replies Latest reply on May 14, 2018 1:43 PM by Srinivasa Vattigunta

    SSO between Desktop and Server

    Blake Slattery

      Hello,

       

      We recently enabled Kerberos authentication for Tableau at our organization. We have configured a few SQL data sources for Kerberos and everything is testing out okay - We can publish it to server and authentication flows through to the SQL DB. We log on to the server via the browser and it works fine. The issue comes from when we are trying to connect to Server via Tableau Desktop (to either publish or bring down an already published workbook). Then we cannot be authenticated. I have followed the steps from the various articles listed below.

       

      Historically we could select "Sign in using your Windows credentials" but that option seems to have been removed since we made this change.

       

      Quick Start: Single Sign-On with Kerberos

      Configure Kerberos

      Kerberos Requirements

      Error" Tableau Server could not authenticate you automatically" When Attempting to Enable Automatic Login | Tableau Soft…

       

      Any advice on anything specifically stopping Desktop and Server from communicating would be helpful.

        • 1. Re: SSO between Desktop and Server
          Carisa Chang

          Hi Blake,

           

          Once you've set up Kerberos, after you input your server name you should be automatically authenticated with no need to sign in. On my Tableau Server using Kerberos, when I open Tableau Desktop I am already signed in. Have you tried clearing your saved Server sign-ins?

           

          Sign in to Tableau Server or Online

          • 2. Re: SSO between Desktop and Server
            Blake Slattery

            Hi Carisa,

             

            I did try clearing the saved Server sign-ins but it still did not work (Under "Settings & Performance" -> "Clear Saved Server Sign-ins"). I am curious if you are aware of what specific permissions a user account (that is opening up in Desktop) might need that not having would prevent Desktop SSO?

             

            My Run As Server user seems to have no issue connecting to the SQL Servers that are configured for Kerberos and passing along user credentials appropriately - My current thought is maybe the regular Windows users don't have the right permissions to query AD - but I'd like to know what those permissions need to be before I go back to my AD team

            • 3. Re: SSO between Desktop and Server
              Carisa Chang

              Hi Blake,

               

              Logging in via Kerberos to Tableau Server is authentication and having credentials passed to a SQL Server is delegation - they are set up differently under the hood. Which one are your non-Admin users having issues with? (I assumed it was the first one) You may want to open a case with Support and include your Desktop and Server logs.

              • 4. Re: SSO between Desktop and Server
                Blake Slattery

                Thanks!


                You are correct in that the issue is with authentication not delegation. I was trying to illustrate that the delegation but not authentication seems to be working and I'm not sure what piece I would be missing (permissions or otherwise) to get the authentication working.

                 

                Yes I was going to open up a ticket with support but wanted to see if the community had any answers for me first.

                • 5. Re: SSO between Desktop and Server
                  Srinivasa Vattigunta

                  Hey Blake,

                   

                  Was this resolved? We are planning to implement Kerberos soon.