Tableau Server UserSync Tool
Syncronize Accounts and Groups from any Identity Store with Tableau Server
The Tableau UserSync Tool is an aid in managing your Tableau Server’s User Accounts, Groups and Group-Memberships.
Tableau Server supports several types of Authentication. Most known are ‘Local Users’ and ‘Active Directory’. When Active-Directory (AD) is used, most of the time Tableau Server is able to import users from your domain-controller. Also AD-groups can be imported, including its members. And Tableau can schedule a regular synchronization with your Active-Directory. That’s a good feature of Tableau Server.
Almost implicitly, it is assumed that your domain-controller, with Active-Directory, resides closely to Tableau Server, in the same network segment. But the above prerequisites are not always fulfilled.
The Tableau UserSync Tool helps you out when
Tableau Server cannot be connected to your AD directly
Tableau Server lives in the Cloud and your AD resides on-premise
Your user-store is not even in AD, but might be in a database or some sort of User-Identity Management System
Tableau Server utilizes ‘local users’
Manages group-memberships of user-accounts
Works in conjunction with SAML (ADFS) and OpenID
Support for multiple types of user-stores
The user-stores can be:
- Your remote active-directory
- Based on SQL database-table(s)
- Exports from your user-identity management system
- Exports from other systems with user-accounts
Tableau Server Authentication methods
UserSync works with all Tableau Server authentication methods:
- Local Users,
- Active Directory,
- SAML (ADFS),
- OpenID (Oauth).
Applicable in most IT infrastructures
The only requirement is that Tableau Server must be accessible over the network, just as you would logon to Tableau Server with your browser. It means Tableau Server can reside:
- In a DMZ network segment
- A hybrid environment with on-premise and cloud servers
- In the private-cloud
- In public cloud, such as Tableau Online
The UserSync tool can be installed on your active-directory domain-controller, or your Tableau Server or any system in between.
Tableau Server Authorization
Best Practice with Tableau Server is to apply Authorization by assigning Permissions to Groups in Projects. The UserSync Tool places user-accounts in Groups. Implicitly, this supports your predefined Authorization settings of Groups in Projects. And makes the content of Projects, the Workbooks and Datasources, available for the allowed group-members.
Results of UserSync
Built-in is a mailing feature which informs recipients with the result of the tasks executed by UserSync. It sends the user-list and the log-file as an attachment. It supports an ‘alert-mailto’ list for recipients who needs to be informed when the run fails, for whatever reason.
This is particular useful when the recipient who checks the Usersync runs, has no access to the server running the UserSync tool due to security reasons.
In such cases a second installation and configuration of the UserSync tool, on the Tableau Server for instance, is possible to repeat a UserSync run with the attachments from the mail.
The Tableau UserSync Tool is a combination of Python, Powershell or Unix-scripting and Tableau’s REST-API. It can be installed on Windows and Linux based systems. It works from Tableau Server version 9.1, up to the newest releases of Tableau Server.
And it is blazingly fast! Synchronizing a set of 50.000 users with 1% of changes is done within 30 minutes.
It can be executed multiple times during a day.