OneLogin Install Guide

  1. Server Setup

    If the server is not already setup for web traffic, install Apache, MySQL, PHP, and dependancies. You can do this with the commands in the setup documentation.

  2. Tableau Online Setup

    Tableau has excellent documentation on connecting OneLogin to Tableau Online. https://onlinehelp.tableau.com/current/online/en-us/saml_config_onelogin.htm

Make sure to follow the additional setup steps in the Tableau Online documentation.

  1. OneLogin App Setup

    In the OneLogin system, ensure you have turned OFF framing protection by going to "Settings->Account Settings". At the bottom of the page, ensure that "Framing Protection" is disabled by "checking" the box next to it. (Make sure to hit "Save" after checking the box! They hide it at the top of the page.)

Then, setup an new App of type "Tableau Online SSO". (In addition to the one you already setup for Tableau Online)

Name this one after the portal.

For the "Consumer URL", paste in the url to the homepage of the portal. For "Audience", put in the portal url without the trailing /, of http/https.

Go to the "SSO" tab for the settings needed for the Portal Setup.

  1. Portal Setup

    In the /backend settings, go to the Settings->Tableau Server Settings->Authentication area. Select "SAML". For the Entity ID and IdP ID, put in the "Audience" that you added to OneLogin.

For the SignOn URL, put the "SAML 2.0 Endpoint (HTTP)" url found in the SSO tab of the App in OneLogin.

For the SignOut URL, put the "SLO Endpoint (HTTP)" url found in the SSO tab of the App in OneLogin.

Hover over "More Actions" in the OneLogin system. Export the SAML Metadata. Open this file with a text editor and copy/paste the certificate from the file into the Certificate area of Tableau Server.

Tableau Online Install Guide

  1. Server Setup

    Follow the standard Tableau Server installation steps for your server type.

In the Tableau Server Settings, use the Tableau Server URL you see when viewing a dashboard (IE: "https://10ay.online.tableau.com"). For the Username/Password, you will need a full administrator of the account.

Select "Custom" as the Tableau Server Site and in the manual entry field, type in the site name. (This will also be in the url when viewing a dashboard)

  1. SSO

    Dashboards loaded in this setup will still have a login box in the middle of the screen when viewing a dashboard for the first time.

Since Tableau Online does not have Trusted Tickets, you will need to implement SAML to have a single sign on system. See the SAML install instructions for more information on setting this up in the portal.

Tableau has excellent documentation on connecting the Tableau Online portion to SAML systems such as Azure AD, OneLogin, PingOne, and Okta: https://onlinehelp.tableau.com/current/online/en-us/saml_config_site.htm

If you do opt for using SAML, follow the following instructions to setup correctly.

At the bottom of the Settings->Authentication page, make sure to select "Single Sign-on with SAML" as the "Default authentication". You will also want to select "Authenticate using an inline frame".

Any users that will be using the portal should be setup to have their "Authentication Type" setup as "Single sign-on with SAML" (See "Users" section).

WARNING: Don't change the Portal's Service User to SAML, this will break the connection to Tableau Server