Relying Party Configuration - Tableau RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Dec 10, 2018Last modified by RSA Information Design and Development Employee on Dec 10, 2018
Version 2Show Document
  • View in full screen mode

This section contains instructions on how to integrate RSA SecurID Access with Tableau using Relying Party. Relying party uses SAML 2.0 to integrate RSA SecurID Access as a SAML Identity Provider (IdP) to Tableau SAML Service Provider (SP).

Architecture Diagram

RSA Cloud Authentication Service

Follow the steps in this section to configure RSA Cloud Authentication Service as a Relying Party SAML IdP to Tableau .


1. Before you begin retrieve the Tableau metadata file.

2. Logon to the RSA Cloud Administrative Console.

3. Browse to Authentication Clients > Relying Parties and click Add a Relying Party.

4. Click the Add a Relying Party button on the My Relying Parties page.

5. From the Relying Party Catalog select the +Add button for Service Provider SAML.

6. Enter a name for the Service Provider in the Name field on the Basic Information page.

7. Click the Next Step button.

8. On the Authentication page, select RSA SecurID Access manages all authentication.

9. From the Primary Authentication Method pulldown, select your desired login method either Password or SecurID.

10. From the Access Policy pulldown select a policy that was previously configured.

11. Select Next Step.

12. Select Import Metadata and use the Tableau metadata file.

13. Verify the Assertion Consumer Service (ACS) URL.

14. Verify the Service Provider Entity ID (Audience) field.

15. If your configuration is not setup for SP signing uncheck SP signs SAML request.

16. Select Show Advanced Configuration.

17. Select Email Address from the Identifier Type pulldown.

18. Select mail from the Property pulldown.

19. Add Attribute Extension FirstName and LastName with their correlated values.

20. Click Save and Finish.

21. Navigate to Users > Identity Sources.

Note: Perform the following steps to all Identity Sources used in the policy.

22. Select Edit for the Identity Source used in the Policy.

23. On the User Attributes page, verify that the Synchronize the selected policy attributes with the Cloud Authentication Service is checked.

24. In the Policies column verify that attribute givenName and sn is checked.

25. Click Next Step.

26. Click Save and Finish.

27. On the top menu click Publish Changes.

28. Navigate to Authentication Clients > Relying Parties.

29. Locate Tableau in the list and from the Edit option, select View or Download IdP Metadata to download the metadata file.



Follow the steps in this section to configure Tableau as a Relying Party SAML SP to RSA Cloud Authentication Service.


1. Obtain the RSA Relying Party metadata file which is needed to configure Tableau.

2. Sign in to Tableau Online with an administrator account.

3. Select Settings > Authentication.

4. Check the box Enable an additional authentication method and choose SAML.

5. Select Edit Connection…

6. In Tableau step 1. click Export metadata to download the service provider metadata file, which will be used to configure the RSA’s Tableau application.

7. Next, in Tableau step 4. import the RSA’s Relying Party metadata file by clicking Browse.

8. Click Apply and the IDP Entity ID and SSO Service URL will be automatically filled in.

9. Select Test Connection. Note: If the connection fails uncheck the SP sign SAML requests box on the RSA Relying Party and retry.

10. After completing the Tableau SAML steps, select Add Users under Manage users and enter the single sign on users' email addresses.

11. Browse to and login with a sso user email address. This will redirect to RSA Relying Party for authentication.


Configuration is complete.

Return to the main page for more certification related information.