Configure OAuth (Public Preview) for Tableau
Preview
This feature is in Public Preview.
This article describes how to configure OAuth for authentication to Tableau. After you complete this one-time configuration as a Databricks account admin, users can use OAuth to sign in to Tableau.
Before you begin
Before you configure OAuth:
Your Databricks on AWS account must be on the E2 version of the Databricks platform. All new Databricks accounts and most existing accounts are now E2. If you are not sure which account type you have, contact your Databricks representative.
You must be a Databricks account administrator.
Install cURL or an alternative tool for issuing HTTP requests (Mac OS, Windows).
(Optional) To use a custom identity provider (IdP) for Tableau OAuth login, see Enable account single sign-on authentication using OIDC.
Configure a .netrc file to securely pass credentials using cURL
This section describes how to configure a .netrc file to securely pass your Databricks username and password using cURL.
After you complete the one-time OAuth configuration steps in this article, you can remove the .netrc file.
Mac OS
Run the following command, replacing <Databricks account username> and <Databricks account password> with your credentials:
echo machine accounts.cloud.databricks.com login <Databricks account username> password <Databricks account password> >> ~/.netrc
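An added example, not part of the original article: the echo command above records the password in shell history and creates ~/.netrc with default umask permissions. The sketch below writes the same entry from a terminal prompt, keeps the file owner-only, and removes the entry after setup; the function names are hypothetical, and it assumes credentials that contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
NETRC_HOST="accounts.cloud.databricks.com"

# remove_netrc_entry <netrc path>
# Drops the Databricks account entry and leaves other machines untouched.
remove_netrc_entry() {
  nr_file="$1"
  nr_tmp="$(mktemp "${nr_file}.XXXXXX")" || return 1   # mktemp creates it 0600
  if [ -f "$nr_file" ]; then
    grep -vF "machine $NETRC_HOST " "$nr_file" > "$nr_tmp" || true
  fi
  chmod 600 "$nr_tmp" && mv "$nr_tmp" "$nr_file"
}

# write_netrc_entry <netrc path> <login> <password>
# Replaces any earlier entry for the host; the file ends up owner-only (0600).
write_netrc_entry() {
  nr_file="$1"; nr_login="$2"; nr_pass="$3"
  # Assumption: the one-line .netrc form used here cannot hold whitespace.
  nr_flat="$(printf '%s' "$nr_login$nr_pass" | tr -d '[:space:]')"
  if [ "$nr_flat" != "$nr_login$nr_pass" ]; then
    echo "credentials containing whitespace are not supported" >&2
    return 2
  fi
  remove_netrc_entry "$nr_file" || return 1
  printf 'machine %s login %s password %s\n' \
    "$NETRC_HOST" "$nr_login" "$nr_pass" >> "$nr_file"
}

# prompt_and_write: reads the credentials from the terminal instead of the
# command line, so the password never appears in shell history.
prompt_and_write() {
  printf 'Databricks account username: '; read -r nr_user
  printf 'Databricks account password: '
  stty -echo; read -r nr_secret; stty echo; printf '\n'
  write_netrc_entry "$HOME/.netrc" "$nr_user" "$nr_secret"
}

# Usage: prompt_and_write                     (before the curl commands)
#        remove_netrc_entry "$HOME/.netrc"    (after the one-time setup)
```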
Windows
Run the following command:
setx HOME %USERPROFILE%
In a new terminal window, run the following commands, replacing <Databricks account username> and <Databricks account password> with your credentials:
cd %HOME%
echo machine accounts.cloud.databricks.com login <Databricks account username> password <Databricks account password> >> .netrc
Enroll your Databricks account in OAuth
To enroll your Databricks account in OAuth, do the following:
Run the following curl command:
curl -n -X POST https://accounts.cloud.databricks.com/api/2.0/accounts/<Databricks account ID>/oauth2/enrollment
To verify that your Databricks account is enrolled in OAuth, run the following curl command:
curl -n -X GET https://accounts.cloud.databricks.com/api/2.0/accounts/<Databricks account ID>/oauth2/enrollment
The following output is returned:
{"is_enabled":true}
Note
Enrollment might take a few minutes. If enrollment isn’t complete yet, wait a few minutes and then run the enrollment verification command again.
Add Tableau Desktop as an OAuth application
To add Tableau Desktop as an OAuth application to your Databricks account, do the following:
Run the following curl command:
curl -n -X POST https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations -d '{ "app_id" : "tableau-desktop" }'
Important
(Windows) You must use double quotes around the data argument and escape all quotes inside it. For example:
curl -n -X POST https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations -d "{ \"app_id\" : \"tableau-desktop\" }"
The following output is returned:
{"integration_id":"<Integration ID>"}
Add Tableau Cloud or Tableau Server as an OAuth application
This section describes how to add Tableau Cloud or Tableau Server as an OAuth application to your Databricks account.
Tableau requirements
In addition to the prerequisites described in Before you begin, you must meet the following Tableau requirements:
You have a Tableau Cloud account or a Tableau Server installation with one of the following versions:
2021.4.13 or above
2022.1.9 or above
2022.3.1 or above
You’re a Tableau Cloud site administrator or a Tableau Server administrator.
Steps
To add Tableau Cloud or Tableau Server as an OAuth application to your Databricks account, do the following:
Locate your Tableau Cloud or Tableau Server URL.
Run the following curl command:
curl -n -X POST -d '{ "redirect_urls" : [ "<Redirect URL>" ], "confidential" : true, "name" : "<Name>" }' https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations
For <Redirect URL>, append /auth/add_oauth_token to your Tableau Cloud or Tableau Server URL. For example, https://example.online.tableau.com/auth/add_oauth_token
Important
(Windows) You must use double quotes around the data argument and escape all quotes inside it. For example:
curl -n -X POST -d "{ \"redirect_urls\" : [ \"<Redirect URL>\" ], \"confidential\" : true, \"name\" : \"<Name>\" }" https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations
A client ID and a client secret are generated, and the following output is returned:
{"integration_id":"<Integration ID>","client_id":"<Client ID>","client_secret":"<Client secret>"}
Securely store the client secret.
Important
You can’t retrieve the client secret later using the Databricks REST API.
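An added example, not part of the original article: piping the curl response into a helper keeps the client secret off the terminal and out of scrollback, stores it owner-only, and refuses to overwrite an earlier saved response. The function name and the output file name are hypothetical, and the field extraction assumes the flat one-line JSON shape shown above.

```shell
#!/bin/sh
# Added example (not from the original article).
# save_integration_response is a hypothetical helper name.

# save_integration_response <output file>
# Reads the JSON response on stdin, stores it with 0600 permissions, and
# prints only the non-secret fields.
save_integration_response() {
  out="$1"
  if [ -e "$out" ]; then
    echo "refusing to overwrite $out: an earlier secret cannot be re-fetched" >&2
    cat > /dev/null        # drain stdin so the upstream curl exits cleanly
    return 1
  fi
  ( umask 077; cat > "$out" ) || return 1
  if ! grep -q '"client_secret":"' "$out"; then
    echo "response has no client_secret (error payload?): see $out" >&2
    return 3
  fi
  for key in integration_id client_id; do
    printf '%s=%s\n' "$key" \
      "$(sed -n "s/.*\"$key\":\"\([^\"]*\)\".*/\1/p" "$out")"
  done
}

# Usage (same request as above, with -sS to silence the progress meter):
#   curl -sS -n -X POST -d '{ "redirect_urls" : [ "<Redirect URL>" ], "confidential" : true, "name" : "<Name>" }' \
#     https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations \
#     | save_integration_response ./tableau-oauth.json
```

Move the saved file into your secret store and delete the local copy once the client secret has been entered in Tableau.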
Configure OAuth in Tableau Cloud or Tableau Server
To configure OAuth in Tableau Cloud or Tableau Server, do the following:
Sign in to Tableau Cloud as a site administrator or sign in to Tableau Server as a server administrator.
In the sidebar, click Settings > OAuth Client Registry > Add OAuth client.
For Connection Type, select Databricks.
For Client ID, enter the client ID that was generated in Add Tableau Cloud or Tableau Server as an OAuth application.
For Client Secret, enter the client secret that was generated in Add Tableau Cloud or Tableau Server as an OAuth application.
For Redirect URL, enter the redirect URL from Add Tableau Cloud or Tableau Server as an OAuth application.
Click Add OAuth client.
Troubleshoot OAuth configuration
This section describes how to resolve common issues with OAuth configuration.
404 error from your IdP
Issue: When you try to authenticate to Tableau Cloud or Tableau Server, you see a 404 error.
Cause: OAuth is misconfigured.
Solution: Ensure that you have correctly configured OAuth.