Tableau，Pingfederate和AWS IAM身份中心：一個單一的交響曲

使用Tableau，Pingfederate和AWS IAM身份中心解鎖無縫數據訪問。本指南簡化了安全數據分析的單登錄。

Ever wished accessing your Amazon Redshift data in Tableau was as smooth as your favorite jazz tune? With the dynamic trio of Tableau, PingFederate, and AWS IAM Identity Center, it's not just a dream—it's a reality. Let's dive into how these technologies harmonize to simplify single sign-on (SSO) and secure your data analytics.

曾經希望在Tableau訪問您的Amazon Redshift數據和您最喜歡的爵士音樂一樣流暢嗎？有了Tableau，Pingfederate和AWS IAM身份中心的動態三人組，這不僅是一個夢，而且是現實。讓我們深入了解這些技術如何協調以簡化單個登錄（SSO）並保護您的數據分析。

The Power Trio: Tableau, PingFederate, and AWS IAM Identity Center

Power Trio：Tableau，Pingfederate和AWS IAM身份中心

This blog post explores the setup of single sign-on from Tableau Desktop to Amazon Redshift, leveraging the integration with IAM Identity Center and PingFederate as the identity provider (IdP) with an LDAP based data store, AWS Directory Service for Microsoft Active Directory.

這篇博客文章探討了從Tableau桌面到Amazon Redshift的單個登錄設置，利用與IAM身份中心的集成，並使用基於LDAP的數據存儲，AWS Directory Service，用於Microsoft Active Directory Directory。

Key Insights and Implementation

關鍵見解和實施

The core idea is to enable federated user authentication. User identities managed in PingFederate are trusted and propagated to Amazon Redshift via AWS IAM Identity Center. This eliminates the need for managing separate database credentials within Tableau, streamlining access and enhancing security.

核心想法是啟用聯合用戶身份驗證。 Pingfederate管理的用戶身份通過​​AWS IAM身份中心信任並傳播到Amazon Redshift。這消除了在Tableau內部管理單獨的數據庫憑據的需求，從而簡化了訪問並增強安全性。

Setting Up the Stage: SAML and SCIM

設置舞台：SAML和SICIM

The integration begins with configuring SAML and SCIM between PingFederate and IAM Identity Center. PingFederate connects to IAM Identity Center using SAML. The users and groups in PingFederate are synced to IAM Identity Center using an open standard SCIM.

集成始於在Pingfederate和IAM身份中心之間配置SAML和SCIM。 Pingfederate使用SAML連接到IAM身份中心。 Pingfederate中的用戶和組使用開放的標準SCIM同步到IAM身份中心。

Token Management: The Key to Seamless Access

令牌管理：無縫訪問的關鍵

To enable single sign-on to Amazon Redshift from outside of AWS using a third-party client like Tableau, you set up a trusted token issuer token exchange using OIDC standard.

要使用Tableau等第三方客戶端從AWS外部向Amazon Redshift啟用單次登錄，您可以使用OIDC標准設置一個值得信賴的令牌發行人令牌交換。

Token mapping in PingFederate allows mapping attributes to OAuth access tokens and OpenID Connect ID (OIDC) tokens.

Pingfederate中的令牌映射允許將屬性映射到OAuth訪問令牌和OpenID Connect ID（OIDC）令牌。

Tableau Configuration: Making the Connection

Tableau配置：建立連接

Tableau needs to be configured to trust the tokens issued by PingFederate through IAM Identity Center. This involves setting up OAuth configurations within Tableau Desktop, Server, or Cloud, pointing them to the trusted token issuer.

需要配置Tableau，以信任Pingfederate通過IAM身份中心發行的令牌。這涉及在Tableau桌面，服務器或云中設置OAuth配置，將其指向受信任的令牌發行人。

Note: Currently this integration is not supported in macOS because the Amazon Redshift ODBC 2.X Driver is not supported yet for MAC.

注意：目前，MACOS不支持此集成，因為Amazon Redshift ODBC 2.x驅動程序尚未支持Mac。

My Two Cents: Why This Matters

我的兩分錢：為什麼這很重要

In my experience, simplifying user access while maintaining robust security is a constant balancing act. The integration of Tableau, PingFederate, and AWS IAM Identity Center offers a elegant solution. By centralizing identity management and leveraging trusted token exchange, organizations can significantly reduce administrative overhead and improve the overall user experience. The use of open standards like SAML, SCIM, and OIDC ensures interoperability and reduces vendor lock-in.

以我的經驗，在保持穩健安全性的同時簡化了用戶訪問是一種不斷的平衡行為。 Tableau，Pingfederate和AWS IAM身份中心的整合提供了優雅的解決方案。通過集中身份管理並利用受信任的令牌交換，組織可以大大減少管理開銷並改善整體用戶體驗。使用SAML，SCIM和OIDC之類的開放標準可確保互操作性並減少供應商的鎖定性。

Wrapping Up: A Harmonious Conclusion

總結：和諧的結論

So there you have it! Integrating Tableau with PingFederate and AWS IAM Identity Center isn't just about connecting tools; it's about creating a secure, streamlined, and user-friendly data analytics experience. Now go forth and make some data-driven music!

所以你有！將Tableau與Pingfederate和AWS IAM身份中心集成在一起，不僅僅是連接工具；這是關於創建安全，精簡和用戶友好的數據分析經驗。現在去做一些數據驅動的音樂！