Configure OAuth (Public Preview) for Tableau

Preview

This feature is in Public Preview.

This article describes how to configure OAuth for authentication to Tableau. After you complete this one-time configuration as a Databricks account admin, users can use OAuth to sign in to Tableau.

Before you begin

Before you configure OAuth:

Configure a .netrc file to securely pass credentials using cURL

This section describes how to configure a .netrc file to securely pass your Databricks username and password using cURL.

After you complete the one-time OAuth configuration steps in this article, you can remove the .netrc file.

Mac OS

Run the following command, replacing <Databricks account username> and <Databricks account password> with your credentials:

echo machine accounts.cloud.databricks.com login <Databricks account username> password <Databricks account password> >> ~/.netrc

Windows

  1. Run the following command:

    setx HOME %USERPROFILE%
    
  2. In a new terminal window, run the following command, replacing <Databricks account username> and <Databricks account password> with your credentials:

    cd %HOME%
    echo machine accounts.cloud.databricks.com login <Databricks account username> password <Databricks account password> >> .netrc
    

Enroll your Databricks account in OAuth

To enroll your Databricks account in OAuth, do the following:

  1. Locate your account ID.

  2. Run the following curl command:

    curl -n -X POST https://accounts.cloud.databricks.com/api/2.0/accounts/<Databricks account ID>/oauth2/enrollment
    
  3. To verify that your Databricks account is enrolled in OAuth, run the following curl command:

    curl -n -X GET https://accounts.cloud.databricks.com/api/2.0/accounts/<Databricks account ID>/oauth2/enrollment
    

    The following output is returned:

    {"is_enabled":true}
    

    Note

    Enrollment might take a few minutes. If enrollment isn’t complete yet, wait a few minutes and then run the enrollment verification command again.

Add Tableau Desktop as an OAuth application

To add Tableau Desktop as an OAuth application to your Databricks account, do the following:

  1. Locate your account ID.

  2. Run the following curl command:

    curl -n -X POST https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations -d '{ "app_id" : "tableau-desktop" }'
    

    Important

    (Windows) You must use double quotes around the data argument and escape all quotes inside this. For example:

    curl -n -X POST https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/published-app-integrations -d "{ \"app_id\" : \"tableau-desktop\" }"
    

    The following output returns:

    {"integration_id":"<Integration ID"}
    

Add Tableau Cloud or Tableau Server as an OAuth application

This section describes how to add Tableau Desktop as an OAuth application to your Databricks account.

Tableau requirements

In addition to the prerequisites described in Before you begin, you must meet the following Tableau requirements:

  • You have a Tableau Cloud account or a Tableau Server installation with one of the following versions:

    • 2021.4.13 or above

    • 2022.1.9 or above

    • 2022.3.1 or above

  • You’re a Tableau Cloud site administrator or a Tableau Server administrator.

Steps

To add Tableau Cloud or Tableau Server as an OAuth application to your Databricks account, do the following:

Locate your account ID.

  1. Locate your Tableau Cloud or Tableau Server URL.

  2. Run the following curl command:

     curl -n -X POST -d '{ "redirect_urls" : [ "<Redirect URL>" ], "confidential" : true, "name" : "<Name>" }' https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations
    

    For <Redirect URL>, append /auth/add_oauth_token to your Tableau Cloud or Tableau Server URL. For example, https://example.online.tableau.com/auth/add_oauth_token.

    .. important:: (Windows) You must use double quotes around the data argument and escape all quotes inside this. For example:

    curl -n -X POST -d "{ \"redirect_urls\" : [ \"<Redirect URL>\" ], \"confidential\" : true, \"name\" : \"<Name>\" }" https://accounts.cloud.databricks.com/api/2.0/accounts/<Account ID>/oauth2/custom-app-integrations
    

    A client ID and a client secret are generated, and the following output is returned:

     {"integration_id":"<Integration ID>","client_id":"<Client ID>","client_secret":"<Client secret>"}
    
  3. Securely store the client secret.

    Important

    You can’t retrieve the client secret later using the Databricks REST API.

Configure OAuth in Tableau Cloud or Tableau Server

To configure OAuth in Tableau Cloud or Tableau Server, do the following:

  1. Sign in to Tableau Cloud as a site administrator or sign in to Tableau Server as a server administrator.

  2. In the sidebar, click Settings > OAuth Client Registry > Add OAuth client.

  3. For Connection Type, select Databricks.

  4. For Client ID, enter the client ID that was generated in Add Tableau Cloud or Tableau Server as an OAuth application.

  5. For Client Secret, enter the client secret that was generated in Add Tableau Cloud or Tableau Server as an OAuth application.

  6. For Redirect URL, enter the redirect URL from Add Tableau Cloud or Tableau Server as an OAuth application.

  7. Click Add OAuth client.

Troubleshoot OAuth configuration

This section describes how to resolve common issues with OAuth configuration.

404 error from your IdP

Issue: When you try to authenticate to Tableau Cloud or Tableau Server, you see a 404 error.

Cause: OAuth is misconfigured.

Solution: Ensure that you have correctly configured OAuth.

Next steps

Connect to Tableau.