Set up Tableau to connect to databases through Cyral
You can set up Cyral to allow secure SSO connections to your repositories from Tableau users. When these users connect, a service account establishes the connection to the data repository. Cyral's service account resolution tracks the SSO end user's identity, disambiguating it from the common identity of the service account.
In the steps below, you’ll set up one or more service accounts that your Tableau users can use to connect to a repository, and you’ll configure Cyral and Tableau to resolve the SSO username and group when the service account is used.
- Set up Azure AD or Okta SSO for the repository.
- Set up the SCIM integration between Cyral and your identity provider (Azure AD or Okta)
In the Cyral control plane UI, go to Data Repos ➡️ choose your repository ➡️ Apps and BI Tools.
Click Register Database Account
In the Register Database Account wizard, provide the Database account name and click Next.
This account name must match an existing account on the database to which you're connecting. Connections via Tableau will use this service account to connect, and Cyral's SSO capability will track the actual SSO user identity associated with each session.
Click Tableau and click Next.
If you want to track users' group affiliations and write access policies based on groups, turn ON Retrieve SSO group membership for users accessing data through this application.
Below the checkbox, you can see the name of the identity provider (IdP) that will provide group information.
If you haven't set up SSO or SCIM for the repo, click the Configure IdP Integration or Configure SCIM button to set it up now.
The Cyral UI displays instructions for configuring the database connection in Tableau.
Open a new browser tab and log in to your Tableau console. Find your data source(s) that connect to this repository using this service account, and edit the connections as shown in Cyral's on-screen instructions, also shown here:
- Copy the Server and Port values shown in the Cyral UI and paste them into the corresponding fields in the General tab in Tableau.
- Copy the Initial SQL value from Cyral to the Initial SQL tab in Tableau.
- Click Sign In to save the configuration.
- Publish your data source to apply your configuration changes.
In the Cyral UI, click the "I've configured" checkbox and click Next.
Provide a name for your application and click Register. This name will be logged to identify user sessions initiated through this database account.
Your setup is complete. SSO users can start connecting to the repository via Tableau, and Cyral will secure and monitor the connection, attributing each action to the responsible SSO user.