Configure Databricks sign-on from Tableau Server
This article describes how to configure Databricks sign-on from Tableau Server. After you complete this one-time configuration as a Databricks account admin, users can connect from Tableau Server using SSO authentication.
The steps in this article aren’t needed for Tableau Desktop and Tableau Cloud, which are enabled as OAuth applications in your Databricks account by default.
You can configure Tableau login with SSO using OIDC and SAML. See Configure Tableau and Power BI OAuth with SAML SSO. OAuth tokens for Tableau expire after 90 days. To override this policy, see Override the default token lifetime policy for Tableau Cloud or Tableau Server.
This article is specific to custom Tableau Server OAuth application creation. For generic custom OAuth application creation steps, see the following:
Before you begin
Before you configure Databricks sign-on from Tableau Server:
You must be a Databricks account administrator.
Install the Databricks CLI and set up authentication between the Databricks CLI and your Databricks account.
(Optional) To use a custom identity provider (IdP) for Tableau OAuth login, see Configure SSO in Databricks.
You must also meet the following Tableau requirements:
You have a Tableau Server installation with one of the following versions:
2021.4.13 or above
2022.1.9 or above
2022.3.1 or above
You’re a Tableau Server administrator.
Add Tableau Server as an OAuth application
To add Tableau Server as an OAuth application to your Databricks account, do the following:
Locate your Tableau Server URL.
Run the following command:
databricks account custom-app-integration create --confidential --json '{"name":"<name>", "redirect_urls":["<redirect-url>"], "scopes":["all-apis", "offline_access", "openid", "profile", "email"]}'
Replace
<name>
with a name for your custom OAuth application.For
<redirect-url>
, append/auth/add_oauth_token
to your Tableau Server URL. For example,https://example.tableauserver.com/auth/add_oauth_token
.
For more information about supported values, see POST /api/2.0/accounts/{account_id}/oauth2/custom-app-integrations in the REST API reference.
A client ID and a client secret are generated, and the following output is returned:
{"integration_id":"<integration-id>","client_id":"<client-id>","client_secret":"<client-secret>"}
Note
Enabling an OAuth application can take 30 minutes to process.
Securely store the client secret.
Important
You can’t retrieve the client secret later.
Configure OAuth in Tableau Server
To configure OAuth in Tableau Server, do the following:
Sign in to Tableau Server as a server administrator.
In the sidebar, click Settings > OAuth Client Registry > Add OAuth client.
For Connection Type, select Databricks.
For Client ID, enter the client ID that was generated in Add Tableau Server as an OAuth application.
For Client Secret, enter the client secret that was generated in Add Tableau Server as an OAuth application.
For Redirect URL, enter the redirect URL from Add Tableau Server as an OAuth application.
Click Add OAuth client.
Troubleshoot OAuth configuration
This section describes how to resolve common issues with OAuth configuration.
404 error from your IdP
Issue: When you try to authenticate to Tableau Server, you see a 404 error.
Cause: OAuth is misconfigured.
Solution: Ensure that you have correctly configured OAuth.
Next steps
Users can now use SSO to authenticate to Databricks from Tableau Server. See Connect Tableau and Databricks.