SAML v2 & Tableau Cloud
Tableau is one of the most advanced data visualization tools used for business intelligence and data analysis. This document covers the configuration necessary to get Tableau Cloud working with FusionAuth as the identity provider using SAML v2, allowing users to log in to your Tableau Cloud account using their FusionAuth credentials.
This document assumes you have a running instance of FusionAuth and a working Tableau Cloud application. You will also need admin accounts for both to configure them correctly.
Finally, you’ll need a FusionAuth user that you will use to sign into Tableau. You can use an existing user or create a new user for this purpose.
Enabling SAML for Tableau
In your Tableau Cloud dashboard, navigate to Enable an additional authentication method, choose SAML and click Edit connection to open the settings.. Select
Copy both Tableau Cloud entity ID and Assertion Consumer Service URL (ACS) from Export metadata from Tableau Cloud and write them down. You’ll use them shortly.
Now, log in to your FusionAuth instance to create a new application. Navigate to
Go to the Enabled switch. Paste the Tableau Cloud entity ID and Assertion Consumer Service URL (ACS) you copied from Tableau to Issuer and Authorized redirect URLs fields in your FusionAuth application, respectively.tab and toggle the
Tableau Cloud entity ID
Assertion Consumer Service URL (ACS)
Authorized redirect URLs
Click to save your application.
In the SAML v2 Integration details section.page, click on the button next to your application to view its details. In the modal that opens, scroll down a bit until you reach the
Copy the address from Metadata URL: and open it in a new tab in your browser. If the file didn’t automatically download, save it.
Go back to your Tableau account and upload this in the Import metadata file into Tableau Cloud field by either dropping the file there or clicking Choose a file and selecting it. Click Apply to load the information from the metadata file into both IdP entity ID and SSO Service URL fields. You should see something like the image below.
Click Test Connection to open a modal with the FusionAuth login screen. Fill in your credentials and submit the form. You should see a Successfully connected to server message below that button.
In Match attributes, map email, first and last name fields like shown in the image below and click Apply.
Add a New User
In your Tableau Cloud account, go to Manage Users. Click Manage Users and then Add Users by Email to send invites to the desired users. Tableau supports SCIM for automated provisioning, as does FusionAuth, but that is beyond the scope of this document. You must provide the same addresses they use to log in to your FusionAuth instance.(the same page you’ve configured the authentication above) and scroll down to
After doing so, they should receive an email with a link to the login page. When browsing to that page, they should enter their email address.
They’ll be redirected to the FusionAuth login screen when they click Sign in. There, they should fill in the credentials for their FusionAuth account. After they authenticate successfully, they will be sent to the Tableau Cloud dashboard.
Make sure you paste the right information from Tableau Cloud entity ID and Assertion Consumer Service URL (ACS) fields into your FusionAuth application.
You can also browse to Download log file in Troubleshooting single sign-on (SSO) to further investigate.in your Tableau Cloud dashboard and click
Finally, you can edit your FusionAuth application, go to the Debug enabled to create an event log with more information. To see these logs, browse to .tab and click
You can also review the Tableau Cloud SSO docs.
How helpful was this page?
See a problem?
File an issue in our docs repo
Have a question or comment to share?
Visit the FusionAuth community forum.