Tableau Setup
Before you can set up Okta SAML authentication for Curator, you need to ensure that your Tableau Server or Tableau Cloud is configured to work with Okta. This involves setting up SAML authentication on Tableau, which is a prerequisite for integrating with Okta. You can either refer to the Tableau Cloud guide to setting up Okta or the Okta guide to configure SAML for Tableau Server.Creating an Okta Application
In order to link Curator to your Okta instance, you must first create a new Application on Okta. If you already have an Okta application set up for Tableau (Server or Cloud), you will not be able to re-use that application for Curator and will need to create an application dedicated to Curator integration. Refer to the Okta document on creating a new SAML 2.0 integration.Curator Details to use for your Curator Okta app
You will need to use some Curator-specific details when setting up the Okta application. Below are the details you would use for a new Curator site installed at the urlhttps://mycuratorsite.com:
- Single sign-on URL:
https://mycuratorsite.com. This is the URL that users will be redirected to after logging in. Use the URL to the homepage of Curator. - Audience URI (SP Entity ID):
curator-site.comThis is the identifier for the service provider (Curator) in the SAML authentication process. - Application username format:
Email(typically). If your users do not use email to login to Okta applications, then select the format that matches Tableau Okta app’s usernames. - Application username format:
user.email(typically). If your users do not use email to login to Okta applications, then select the user-attribute that matches the Tableau Okta app’s usernames.
Curator Setup
Once you’ve created the Okta application, you can proceed to configure Curator to use SAML authentication with Okta.Export Authentication Metadata from Okta
Follow the Okta guide to downloading your SAML metadata. Ultimately, this will provide you with a.xml file that contains the necessary metadata for
integrating Okta with Curator.
Add Okta metadata to Curator
In the backend of Curator using the left-hand navigation, navigate to the Settings > Security > Authentication Settings page. On the Authentication Settings page click the General tab.Importing Okta Metadata
From the authentication list select “SAML”. You can use the “Import SAML Metadata” button to import the XML file you generated from Okta.
Manually Entering Okta Metadata
Alternatively, you can manually enter the information:- Entity ID: Enter the “Audience URI (SP Entity ID)” you filled in before.
- SignOn URL: Enter the “Identity Provider Single Sign-On URL” URL found in the setup section.
- IdP ID: Enter the “Identity Provider Issuer” from the setup section.
- SignOut URL: Enter the URL of the application
/login/signout(i.e. https://mydomain.okta.com/login/signout) - Certificate: Open the “SAML Advanced” section, copy the certificate text from Okta, and paste it in the field.
Enabling iFrames for Tableau’s Okta App
You may encounter issues with seamlessly embedding Tableau content in Curator if the Okta application is not set up to allow iFrame embedding - if you see an image like the one below when trying to access Tableau content in Curator, then you will need to refer to Tableau’s guide on enabling iFrame embedding for Okta to complete your Okta integration.