Tableau, PingFederate, and AWS IAM Identity Center: A Single Sign-On Symphony

Unlock seamless data access with Tableau, PingFederate, and AWS IAM Identity Center. This guide simplifies single sign-on for secure data analytics.

Ever wished accessing your Amazon Redshift data in Tableau was as smooth as your favorite jazz tune? With the dynamic trio of Tableau, PingFederate, and AWS IAM Identity Center, it's not just a dream—it's a reality. Let's dive into how these technologies harmonize to simplify single sign-on (SSO) and secure your data analytics.

The Power Trio: Tableau, PingFederate, and AWS IAM Identity Center

This blog post explores the setup of single sign-on from Tableau Desktop to Amazon Redshift, leveraging the integration with IAM Identity Center and PingFederate as the identity provider (IdP) with an LDAP based data store, AWS Directory Service for Microsoft Active Directory.

Key Insights and Implementation

The core idea is to enable federated user authentication. User identities managed in PingFederate are trusted and propagated to Amazon Redshift via AWS IAM Identity Center. This eliminates the need for managing separate database credentials within Tableau, streamlining access and enhancing security.

Setting Up the Stage: SAML and SCIM

The integration begins with configuring SAML and SCIM between PingFederate and IAM Identity Center. PingFederate connects to IAM Identity Center using SAML. The users and groups in PingFederate are synced to IAM Identity Center using an open standard SCIM.

Token Management: The Key to Seamless Access

To enable single sign-on to Amazon Redshift from outside of AWS using a third-party client like Tableau, you set up a trusted token issuer token exchange using OIDC standard.

Token mapping in PingFederate allows mapping attributes to OAuth access tokens and OpenID Connect ID (OIDC) tokens.

Tableau Configuration: Making the Connection

Tableau needs to be configured to trust the tokens issued by PingFederate through IAM Identity Center. This involves setting up OAuth configurations within Tableau Desktop, Server, or Cloud, pointing them to the trusted token issuer.

Note: Currently this integration is not supported in macOS because the Amazon Redshift ODBC 2.X Driver is not supported yet for MAC.

My Two Cents: Why This Matters

In my experience, simplifying user access while maintaining robust security is a constant balancing act. The integration of Tableau, PingFederate, and AWS IAM Identity Center offers a elegant solution. By centralizing identity management and leveraging trusted token exchange, organizations can significantly reduce administrative overhead and improve the overall user experience. The use of open standards like SAML, SCIM, and OIDC ensures interoperability and reduces vendor lock-in.

Wrapping Up: A Harmonious Conclusion

So there you have it! Integrating Tableau with PingFederate and AWS IAM Identity Center isn't just about connecting tools; it's about creating a secure, streamlined, and user-friendly data analytics experience. Now go forth and make some data-driven music!