Connecting to Tableau with SSO

You can use AtScale's branded Tableau connector to connect to Tableau Desktop and Server via SSO.

Prerequisites

• You must use Microsoft Entra ID (with OpenID Connect) as your identity provider. For instructions on configuring this, see Configuring Microsoft Entra ID with OpenID Connect.

• If you're connecting to Tableau Server, it must be configured as follows:

  • Port 15432 must be open so Tableau Server can receive data from AtScale.
  • TLS must be enabled. For more information, refer to the Tableau documentation.

Configuring AtScale

In order to connect to Tableau via SSO, make the following changes to the AtScale engine settings. For instructions, see Changing Engine Settings.

• tableau.pgwire.client.protocol = atscale_pgwire
• tableau.connector.type = atscale_pgwire
• tableau.pgwire.authentication = username_password (Note that this is a custom engine setting.)
• tableau.pgwire.authentication = oauth (Note that this is a custom engine setting.)

Configuring Tableau Desktop

1. Download the following files:

   • Tableau AtScale Postgres connector (automatic download)
   • Postgres Driver (Java 8)

2. Move the PostgresSQL driver to ~/Library/Tableau/Drivers.

3. Move the AtScale connector to ~/My Tableau Repository/Connectors.

4. In AtScale, redeploy the catalog you want to connect to, then download its .tds file. For instructions, see Deploying a Catalog.

5. Open the .tds file.

Tableau opens a window in your browser to authenticate. If it is successful, you can begin working in Tableau Desktop as normal.

Configuring Tableau Server

1. On Tableau Server:

   1. Download the following files:

      • Tableau AtScale Postgres connector (automatic download)
      • Postgres Driver (Java 8)

   2. Move the AtScale Posgres connector to C:\Program Files\Tableau\Connectors.

   3. Move the Postgres Driver to C:\Program Files\Tableau\Drivers.

   4. Import the AtScale SSL cert(s) to Tableau Server.

   5. Restart Tableau Server.

2. Log in to the Tableau Server Browser as an admin and do the following:

   1. Go to Settings > General > OAuth Clients Registry.

   2. Click Add OAuth Client and complete the following fields:

      • Connection Type: Select AtScale by AtScale.
      • OAuth Provider: Enter atscale_keycloak.
      • OAuth Instance URL: Enter the URL for AtScale.
      • Client ID: Enter atscale-tableau-connector.
      • Redirect URL: Enter <tableau server url>/auth/add_oauth_token.

   3. Click Add OAuth Client.

3. Log in to AtScale as an admin user and do the following:

   1. Open the main menu and select Security. The Identity Broker opens.
   2. In the left-hand navigation, click Clients.
   3. Click the atscale-tableau-connector client, then click the Settings tab.
   4. In the Access settings section, locate the Valid redirect URIs field and add a new URI. This should be the URL for Tableau Server, with /auth/add_oauth_token appended.

4. In Design Center, redeploy the catalog you want to connect to, then download its .tds file. For instructions, see Deploying a Catalog.

5. Open the .tds file in Tableau Desktop and publish it to Tableau Server.

6. Log in to Tableau Server and open the workbook.

7. Log in using your AtScale credentials.

If login is successful, you can begin working in Tableau Server as normal.