Skip to content

Prerequisites

  • Must provision users in both Tableau and AAD
  • Tableau usernames must be an email address

Setup Steps

  1. Register a new Enterprise application in Microsoft Entra ID
  2. Add custom SAML claims in Entra ID
  3. Send values to Zuar
  4. Create Tableau Connected App (Optional. For Tableau integrations only)

Register Entra ID Application

  1. Log in to your Microsoft Azure Portal
  2. Navigate to Microsoft Entra ID Auth0 SAML Setup
  3. Register the Enterprise application:
    1. Click Add > Enterprise application Auth0 SAML Setup
    2. Search for and click on “Microsoft Entra SAML Toolkit” Auth0 SAML Setup
    3. Enter “Zuar Portal” for the name and click Create.
    4. Click “Set up single sign on” card
    5. Click on the “SAML” card
    6. Under “Basic SAML configuration” click “Edit”
    7. Enter the following values:
      1. Identifier (Entity ID): Enter the Zuar Portal URL, e.g. https://example.zuarbase.net
      2. Reply URL (Assertion Consumer Service URL): Enter: https://<your-portal-url>/login (Be sure to replace <your-portal-url> with your actual Portal URL)
      3. Sign on URL: Same as Reply URL (Assertion Consumer Service URL) field above
      4. Relay State: Leave empty
      5. Logout Url: https://<your-portal-url>/saml/slo Auth0 SAML Setup
      6. Click Save.

Register Entra ID Application

  1. On the Attributes & Claims card, click Edit.
  2. Click Add new claim.
  3. For name, enter: username
  4. For Source attribute, enter: user.mail Note: some Azure environments use a different attribute for the email address, eg. user.userprincipalname. Any attribute which sends the user’s email address works.
  5. Click Save Auth0 SAML Setup

Assertions (claims) should also by added for admin and, optionally, groups.

Admin

It's recommended to setup a new Active Directory/Azure group to control access to Portal’s admin functionality (creation of pages, blocks, configuration, etc.). If the user logging in is a member of this group the admin assertion should be set to true; otherwise this should be false. A conditional claim called admin should be setup in Attributes & Claims to evaluate membership in the group and populate the claim appropriately: Auth0 SAML Setup

Groups

(Optional) If Portal is going to leverage Active Directory/Azure groups, they should be passed in an assertion called groups.

Send Metadata to Zuar

Once the application has been created and configured as specified above, send the app’s metadata to your contact at Zuar:

  1. Under SAML Certificates click the Download link next to “Federation Metadata XML
  2. Download/save this XML file and send it to your Zuar contact