thank you for the very quick answer, so i am guessing the issue is both for current and beta versions, as i am having difficulty making it work :
those are the version i am testing on :
a) Tableau app (19.402.1795)
b) Tableau Beta app ( 19.506.1876)
but it would work seemlessly if we would use Edge browser on an IOS device managed by InTune ? right as this is the supported architecture,
with conditional access.
one more question from our security team, is the app native or just a layer on top of "apple webkit" and would be seen as browser on our end ?
You are correct, it applies to all versions of the Tableau Mobile app at this time. I have never had an opportunity to test on a mobile browser but it could work. Browsers have different access on mobile devices than does an app. I'd be interested to hear if it working with a browser. Ironically, the mobile version of Edge is not supported for Tableau Server (see All Technical Specifications | Tableau Software and click on "Server" at the top, then scroll down to "Web Browsers"). I would recommend Safari for iOS and Chrome for Android.
Your question about the app being native is a good one! I've never had anyone ask before. Can you please create a Support Case so we can forward it to our Security team as a formal inquiry? You can open a case by navigating to Support Case | Tableau Software Feel free to use my name and a link to this discussion in the case!
Nabil this was an artifact of having the integrated windows authentication not passing correctly from the azure application proxy to the tableau server.
we have since resolved those issues and now have a single login to our on prem tableau server via azure application proxy.
We leverage intune for MDM, but the tableau mobile app does not support the conditional access check for intune compliance.
I am curious as to what exactly you had to do to make this work?
We use Kerberos authn internally for our tableau servers and our azure ad application proxies are set up to delegate user credentials with Kerberos Constrained Delegation. This works intermittently. We have tried both the Tableau Mobile App GA and Beta apps. The apps are exempted from conditional access.
Tableau has an article about publishing Tableau Server behind a load balancer or proxy. Did you have to do any of those steps to make this work?
In short; anything you did to your setup for this to work consistently would be of interest!
We didn't add any of the app proxies to the load balancer settings in tableau.
From what i can tell Microsoft and Tableau have been making various changes to the authentication in the last few months.
Does it work consistently internally for you, kerberos without going thru the app proxy? Do you have multiple application proxies?
are you using the mobile app or mobile browser?
i've found the kerberos via application proxy to be a little clunky when you use various clients (safari, chrome, edge, internet explorer, installed app) and then the OS.
also i can't believe i forgot we had an intermittent issue we just fixed.
it turned out to be reverse DNS lookups. took us 1-2 weeks to resolve, but Bridget figured it out.
How many PTR records do you have for the name you are using to access tableau?