Skip to main content

Capabilities

ResourceSyncProvision
Accounts
Groups
Sites
Licenses
Projects
Workbooks
Views
The Tableau connector supports automatic account provisioning and deprovisioning.

Permission inheritance

Tableau uses a permission inheritance model that affects how access is synced and provisioned:
  • Projects with LockedToProject: When a project’s content permissions are set to LockedToProject, workbooks inside that project inherit the project’s permissions and cannot be granted or revoked independently — permissions must be changed at the project level instead.
  • Workbooks with showTabs=true: Views (dashboards) inside these workbooks inherit their permissions from the workbook. View-level permissions cannot be granted or revoked independently — attempting to do so returns a clear error. Use the workbook entitlement instead.
  • Workbooks with showTabs=false: Views have their own independent permission assignments, which can be granted and revoked directly.

Gather Tableau credentials

Configuring the connector requires you to pass in credentials generated in Tableau. Gather these credentials before you move on.
A user with the Server Administrator role in Tableau Server or Site Administrator in Tableau Cloud must perform this task.
To work with the Tableau APIs, you’ll need either an installation of Tableau Server or membership in the Tableau Developer Program, which grants you a personal Tableau Cloud sandbox.

Generate a Personal Access Token

1
Sign into Tableau Server or Tableau Cloud.
2
In the menu bar at the top of the page, click your profile image or initials and select My Account Settings from the menu.
3
In the Personal Access Tokens area of the page, enter a name for your new token (such as “C1 integration”) and then click Create.
4
Carefully copy and save the newly generated token and its name.

Locate your server path and site ID

1
Locate your server path, which is the base URL for your Tableau server.
2
Locate your site ID, which is the value that appears after /site/ in the full URL for your Tableau instance.Examples:For a Tableau Server instance with the URL http://SampleServer#/site/SecurityTeam/projects, the server path is SampleServer and the site ID is SecurityTeam.For a Tableau Cloud instance with the URL https://10ay.online.tableau.com#/site/MarketingTeam/workbooks, the server path is 10ay.online.tableau.com and the site ID is MarketingTeam.That’s it! Next, move on to the connector configuration instructions.

Configure the Tableau connector

To complete this task, you’ll need:
  • The Connector Administrator or Super Administrator role in C1
  • Access to the set of Tableau credentials generated by following the instructions above
Follow these instructions to use a built-in, no-code connector hosted by C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for Tableau and click Add.
3
Choose how to set up the new Tableau connector:
  • Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with C1)
  • Add the connector to a managed app (select from the list of existing managed apps)
  • Create a new managed app
4
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the site ID and server path into the Site ID and Server path fields.
8
Enter the name of the personal access token into the Access token name field.
9
Enter the personal access token value into the Access token secret field.
10
Click Save.
11
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
That’s it! Your Tableau connector is now pulling access data into C1.

Configure IDP-based account provisioning

When provisioning Tableau accounts (Licenses resource type), the connector supports two optional fields in the provisioning mapping that control how new accounts are authenticated:
FieldDescription
IDP Configuration NameName of an IDP configuration defined on your Tableau site (e.g., a SAML provider). When set, new accounts are created using that IDP. Requires Tableau API version ≥ 3.22.
With MFAWhen set to true, new accounts are created using Tableau’s built-in MFA authentication. Takes precedence over IDP Configuration Name if both are set.
These fields appear in the provisioning mapping for the Licenses entitlement in C1 and are not part of the connector’s base configuration.

Behavior reference

ConfigurationResult
Neither field setAccount created with Tableau site default authentication
IDP Configuration Name set, IDP foundAccount created with the named IDP
IDP Configuration Name set, IDP not foundProvisioning fails with an explicit error naming the missing IDP
IDP Configuration Name set, API version < 3.22Provisioning fails with an explicit error — upgrade your Tableau Server or remove the field
With MFA = trueAccount created with Tableau MFA — IDP Configuration Name is ignored regardless of API version
If your Tableau Server uses an API version older than 3.22 and you do not set IDP Configuration Name, account provisioning uses the site default authentication without error. The IDP endpoint is only required when you explicitly configure an IDP name.