I think you are saying your app authenticates a user with OneLogin, and then requests a view from Tableau Online, at which point the user is prompted for their username?
If that is the case, once they input their username, the view will load without further prompts, because Tableau Online will have their username and confirm with OneLogin that they are signed in. Until Tableau Online knows who the user is, though, it won't know they've been authenticated.
Have you set the default authentication type for embedded views?
What I am saying is that the app authenticates the user via OneLogin using SAML so that it crates a seamless integration and flow.
Once the user has been authenticated, they should not need to log in again to view their dashboards.
The flow is quite simple:
Prompt user to log in on home/index screen - all other routes are guarded, no auth, no access
Validate user against OneLogin user base (which mirrors Tableau users)
Log the user in via OneLogin screen.
If authentication is successful, receive SAML assertion
Once logged in and asserted, allow them access to dashboard screen
User should now see embedded views - they should not be prompted to log in as they have already been authenticated!
Yes, I have set default authentication to OneLogin and have also allowed/enabled login via embedded iFrame.
Reading similar posts, I am not the first one to attempt this.
Seems like most people are having issues regarding this.
I think what you're running into, is that there isn't a way to provide the username to Tableau in the embed code, so Tableau will have to ask for the user's username in order to see that they are logged into OneLogin. If the user is already logged into Tableau in another tab in the same browser, before loading your page, do they see the prompt?
"If the user is already logged into Tableau in another tab in the same browser, before loading your page, do they see the prompt?"
If there already is an active session, in another tab - no.
If IdP (OneLogin) is set to be the default authentication then the IdP sets the session/token as authenticated and all apps connected to that user should then be able to “see” that the user is authenticated and authorised to use the apps.
For Tableau server they suggest using OIDC, for which there are a few examples and I got that working with a locally self hosted Tableau server, OIDC is not available for Tableau online.
For Tableau online they suggest SAML, for which I cannot get decent examples of how to consume/use the assertion once I have received it.
Have you also selected the option to use inline frames for auth?
For Tableau Online, or for Tableau Server configured to use Site-Specific SAML:
Ensure the below two options are properly configured under Settings > Authentication:
- Set the Default authentication type for embedded views to SAML.
- Under Embedding options, select Authenticate using an inline frame (less secure; not supported by all IdPs).
For more information, see Configure SAML for a site.