Okta Install Guide

  1. Server Setup

    If the server is not already setup for web traffic, install Apache, MySQL, PHP, and dependancies. You can do this with the commands in the setup documentation.

  2. Tableau Online Setup

    Tableau has excellent documentation on connecting Okta to Tableau Online. https://onlinehelp.tableau.com/current/online/en-us/saml_config_okta.htm

Make sure to follow the additional setup steps in the Tableau Online documentation.

  1. Okta App Setup

    In the Okta system, ensure you have turned ON iFrame embedding by going to "Settings->Customization". (The Tableau Documentation has this, but it is marked as "optional". It's not optional for portal installs.)

Then, setup an new Application. Applications -> Create New App. (In addition to the one you already setup for Tableau Online)

Name this one after the portal.

For the "Single sign on URL", paste in the url to the homepage of the portal. For "Audience URI (SP Entity ID)", put in the portal url without the trailing /, of http/https.

Select "Email" as the "Application username format".

Add an additional attribute of "username" with the value "user.email".

Click "View Setup Instructions" to get the information you need for the portal.

  1. Portal Setup

    In the /backend settings, go to the Settings->Tableau Server Settings->Authentication area. Select "SAML". For the Entity ID put the "Audience URI (SP Entity ID)" you filled in before.

For the SignOn URL, put the "Identity Provider Single Sign-On URL" url found in the setup section.

For the IdP ID, put the "Identity Provider Issuer" from the setup section.

For the SignOut URL, put the url of the application /login/signout (IE: https://mydomain.okta.com/login/signout)

Click the link to the "Identity Provider metadata". Open this file with a text editor and copy/paste the certificate from the file into the Certificate area of Tableau Server.

  1. Optional Setup

    You may want to select a few options to make the login process more streamlined. First, set the portal application to "Auto-launch" in the "edit application" section.

You may also wish to hide the Tableau Online icon from users. You can do this in the edit application area for the Tableau Online app. Under "App Settings", select "Do not display application icon to users".

You can also select a custom sign-out page to point the user back to the portal, so that they don't end up in a weird Okta loop. To do this, go to Settings->Customization->Signout Page. Make the signout page the url of your portal.