10 January 2022
How to seamlessly integrate analytics into your product with Connected Apps by Tableau
We have heard from our customers that a secure, seamless, and easy-to-use authentication method is critical to the success of integrating Tableau analytics. Connected Apps can provide a simple and delightful authentication experience to end users, whether you’re embedding Tableau in your own applications, client web portals, or third-party SaaS platforms implanted in your business.
With Connected Apps, you can set up a direct trust relationship between Tableau and your application server. This enables users who already login to your application to single sign-on (SSO) to Tableau and view the embedded content without being redirected to a third-party Identity Provider for in-frame authentication. This works by using a JSON Web Token (JWT) signed with a shared secret that a site admin (Tableau Online) or server admin (Tableau Server) can manage in specific Connected Apps.
• Unlock seamless SSO for embedded analytics When including visualizations powered by Tableau in your application, it’s indispensable to our customers to offer a fully integrated experience for end users. This ensures that they can seamlessly access data and analytics without distinguishing Tableau from your product.
Connected Apps makes it easy to achieve single sign-on in this case. It’s also a better authentication method if you are currently using SAML or OpenID Connect and experiencing restrictions, such as in-frame authentication not supported by your Identity Provider, end users prompted with extra clicks to log in, or if you have security concerns related to disabling Clickjack protection.
Content embedded via Connected Apps can be displayed smoothly to any user who has already authenticated to your application. With the shared secret, Tableau can verify that your application is trusted and creates a valid session for the user.
• Enhanced security control with Connected Apps Connected Apps not only improves the end user experience, but also provides better security controls for admins by allowing them to explicitly define what analytics content can be embedded and where.
Let’s say you run a retail business and you want to share the inventory status to my order management team. This means the Connected App, when applied for embedding, only allows sharing for the content in the folder.
Since inventory data is for internal use only, you want to make sure the analytics are only accessible through an internal portal for the order management team. I can add the valid portal domains to the Connected App and just like that, you’re able to ensure your data is exposed only under the secured domains approved by your business.
• Why adopt Connected Apps as early as possible? Even if you’re using Tableau Server today and things are working fine with Trusted Authentication, we still highly recommend you to switch to Connected Apps. This is because it’s based on modern authentication standards and better protects your site from potential privilege escalations exposed by the old IP allow list-based control. While Trusted Authentication will remain as supported for now, we eventually plan to replace and enhance its functionality with Connected Apps (we will be sure to communicate our timeline once planned).
• What comes next? Connected Apps is not only a feature for embedding your analytics, but also a new authentication framework that Tableau plans to continuously invest in, unlocking easier and better integrations with your business. New initiatives on our roadmap for future releases include the capability to authenticate users in your application without pre-provisioning and managing them in Tableau, as well as the capability to include claims and attributes in authentication flow to dynamically define and grant access to users.