This guide covers how to configure Tableau Cloud as a SAML application in Cloudflare Zero Trust.
Prerequisites
- A SAML identity provider configured in Cloudflare Zero Trust
- Admin access to a Tableau Cloud site
1. Add a SaaS application to Cloudflare Zero Trust
- In Zero Trust, go to Access > Applications.
- Select Add an application > SaaS.
- For Application, select Tableau.
- For the authentication protocol, select SAML.
- Select Add application.
- Copy the SAML Metadata endpoint.
- Keep this window open without selecting Select configuration. You will finish this configuration in step 4. Finish adding a SaaS application to Cloudflare Zero Trust.
2. Download the metadata file
- Paste the SAML Metadata endpoint in a web browser.
- Follow your browser-specific steps to download the URL’s contents as an
.xmlfile.
3. Add a SAML SSO provider to Tableau Cloud
- In Tableau Cloud, go to Settings > Authentication.
- Turn on Enable an additional authentication method. For select authentication type, select SAML.
- Under 1. Get Tableau Cloud metadata, copy the Tableau Cloud entity ID and Tableau Cloud ACS URL.
- Under 4. Upload metatdata to Tableau, select Choose a file, and upload the
.xmlfile created in step 2. Download the metadata file
- Under 5. Map attributes, turn on Full name. For Name (full name), enter
name.
- (Optional) Choose whether users who are accessing embedded views will Authenticate in a separate pop-up window or Authenticate using an inline frame.
- Select Save Changes.
4. Finish adding a SaaS application to Cloudflare Zero Trust
- In your open Zero Trust window, fill in the following fields:
- Entity ID: Tableau Cloud entity ID from Tableau Cloud SAML SSO set-up.
- Assertion Consumer Service URL: Tableau Cloud ACS URL from Tableau Cloud SAML SSO set-up.
- Name ID format: Email
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
5. Test the Integration and set default authentication type
- In Tableau Cloud, go to Settings > Authentication.
- Under 7. Test Configuration, select Test Configuration.
- Sign in. If your sign-in is successful, You are now signed in as (username) will appear at the top of the page.
- Close the pop-up window.
- (Optional) Under Default Authentication Type for Embedded Views, turn on cloudflareaccess.com (SAML). You can also configure the default authentication type for individual users under Users > Actions > Authentication.