SSO Agent - SAML Configuration - Tableau RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Dec 10, 2018Last modified by RSA Information Design and Development Employee on Dec 10, 2018
Version 2Show Document
  • View in full screen mode

This section contains instructions on how to integrate RSA SecurID Access with Tableau using a SAML SSO Agent.

Architecture Diagram

RSA Cloud Authentication Service

Follow the steps in this section to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to Tableau .


Before you begin retrieve the Tableau metadata file.

1. Logon to the RSA Cloud Administration Console and browse to Applications > Application Catalog, search for Tableau and click +Add to add the connector.

2. On the Basic Information page, specify the application name and click Next Step.

Note: The following IDP-initiated configuration works for both IDP-initiated and SP- initiated connections.

3. Click on Import Metadata and select the metadata file you downloaded from Tableau.

4. Click Save to accept the settings from the metadata file.

5. On the Connection Profile page, choose IDP –initiated and leave the URL blank.


6. Scroll down to the SAML Identity Provider (Issuer) section.

a. Select Choose File and upload the RSA SecurID Access private key.

b. Select Choose File and upload the RSA SecurID Access public certificate.

7. Scroll down to the Service Provider section.

a. If you imported the metadata file the Assertion Consumer Service (ACS) URL will be auto-filled for you. Example:<string>

b. If you imported the metadata file the Audience (Service Provider Entity ID) will be auto-filled for you. Example:<string>

8. Scroll down to the User Identity section. Set the Identifier Type to Email and Property to mail.

9. Click Show Advanced Configuration and scroll down to Attribute Extension.

10. Add Attributes email, FirstName, and LastName.

11. Scroll down to Uncommon Formatting SAML Response Options.

12. Under Sign Outgoing Assertion, select Assertion within response.

13. Select the Signature Algorithm pulldown for rsa-sha256.

14. Select the Digest Algorithm pulldown for sha256.

Note: If you used the Import metadata option the Encrypt Assertion may be checked. If your account was not configured for this, login will fail. Uncheck this feature and try again.

15. Click Next Step.

16. On the User Access page, select the desired user policy from the drop down list.

17. Click Next Step.

18. On the Portal Display page, select Display in Portal.

19. Click Save and Finish.

20. Click Publish Changes.

21.. Navigate to Applications > My Applications.

22. Locate Tableau in the list and from the Edit option, select Export Metadata.


Follow the steps in this section to configure Tableau as an SSO Agent SAML SP to RSA Cloud Authentication Service.


1. Obtain the RSA SecurID Access IDP metadata file which is needed to configure Tableau.

2. Sign in to Tableau Online with an administrator account.

3. Select Settings > Authentication.

4. Check the box Enable an additional authentication method and choose SAML.

5. Select Edit Connection…

6. In Tableau step 1. click Export metadata to download the service provider metadata file, which will be used to configure the RSA’s Tableau application.

7. Next, in Tableau step 4. import the RSA’s IDP metadata file by clicking Browse and select the metadata file you download from the RSA’s Tableau application.

8. Click Apply and the IDP Entity ID and SSO Service URL will be automatically filled in.

9. Select Test Connection. Note: If the connection fails uncheck the Encryption Assertion option under the Advance Configuration of the RSA Tableau application.

10. After completing the Tableau SAML steps, select Add Users under Manage users and enter the single sign on users' email addresses.


Configuration is complete.

Return to the main page for more certification related information.