Configure Databricks sign-on from Tableau Server

This article describes how to configure Databricks sign-on from Tableau Server. After you complete this one-time configuration as a Databricks account admin, users can connect to Tableau Server using SSO authentication.

The steps in this article aren’t needed for Tableau Desktop and Tableau Cloud, which are enabled as OAuth applications in your Databricks account by default.

You can configure Tableau login with SSO using OIDC and SAML. See Configure Tableau and PowerBI OAuth with SAML SSO. OAuth tokens for Tableau expire after 90 days.

This article is specific to custom Tableau Server OAuth application creation. For generic custom OAuth application creation steps, see the following:

• Enable custom OAuth applications using the Databricks UI

• Enable custom OAuth applications using the CLI

Before you begin

Before you configure Databricks sign-on from Tableau Server:

• You must be a Databricks account administrator.

• Install the Databricks CLI and set up authentication between the Databricks CLI and your Databricks account.

• (Optional) To use a custom identity provider (IdP) for Tableau OAuth login, see Set up SSO in your Databricks account console.

You must also meet the following Tableau requirements:

• You have a Tableau Server installation with one of the following versions:

  • 2021.4.13 or above

  • 2022.1.9 or above

  • 2022.3.1 or above

• You’re a Tableau Server administrator.

Add Tableau Server as an OAuth application

To add Tableau Server as an OAuth application to your Databricks account, do the following:

1. Locate your account ID.

2. Locate your Tableau Server URL.

3. Run the following command:

   databricks account custom-app-integration create --confidential --json '{"name":"<name>", "redirect_urls":["<redirect-url>"], "scopes":["all-apis", "offline_access", "openid", "profile", "email"]}'
   

   • Replace <name> with a name for your custom OAuth application.

   • For <redirect-url>, append /auth/add_oauth_token to your Tableau Server URL. For example, https://example.tableauserver.com/auth/add_oauth_token.

   For more information about supported values, see POST /api/2.0/accounts/{account_id}/oauth2/custom-app-integrations in the REST API reference.

   A client ID and a client secret are generated, and the following output is returned:

   {"integration_id":"<integration-id>","client_id":"<client-id>","client_secret":"<client-secret>"}
   

   Note

   Enabling an OAuth application can take 30 minutes to process.

4. Securely store the client secret.

   Important

   You can’t retrieve the client secret later.

Configure OAuth in Tableau Server

To configure OAuth in Tableau Server, do the following:

1. Sign in to Tableau Server as a server administrator.

2. In the sidebar, click Settings > OAuth Client Registry > Add OAuth client.

3. For Connection Type, select Databricks.

4. For Client ID, enter the client ID that was generated in Add Tableau Server as an OAuth application.

5. For Client Secret, enter the client secret that was generated in Add Tableau Server as an OAuth application.

6. For Redirect URL, enter the redirect URL from Add Tableau Server as an OAuth application.

7. Click Add OAuth client.

Troubleshoot OAuth configuration

This section describes how to resolve common issues with OAuth configuration.

404 error from your IdP

Issue: When you try to authenticate to Tableau Server, you see a 404 error.

Cause: OAuth is misconfigured.

Solution: Ensure that you have correctly configured OAuth.

Next steps

Users can now use SSO to authenticate to Databricks from Tableau Server. See Connect Tableau to Databricks.