Identity pools are an identity management tool that uses provisioning and authentication information to enable user access to Tableau Server. Identity pools enable a more centralized and flexible identity management workflow. For more information, see Provision and Authenticate Users Using Identity Pools in the Tableau Server Help.
The identity pools methods allow you to:
Provision users by creating a new local identity store instance. Note: Skip this step to use an existing local identity store or the external identity store you configured in TSM during Tableau Server setup.
Set up an authentication method to authenticate your users to Tableau Server using OpenID Connect (OIDC).
Create an identity pool that uses the identity store and authentication method you configured.
Add users to an identity pool using the Add User to Identity Pool endpoint using the Tableau REST API.
Refer to the Tableau Server Help for testing, managing, and troubleshooting identity pools.
Note: Identity pools do not replace the user provisioning and authentication configurations you made during Tableau Server setup. The purpose of identity pools is to complement and support additional user provisioning and authentication options you might need in your organization.
PrerequisitesBefore getting started with identity pools, the following requirements must be met:
Integration with an OIDC identity provider (IdP), such as Okta, is already configured
You are running Tableau Server 2023.1 or later
You have performed the identity migration if you are running Tableau Server after upgrading from version 2021.4 or earlier
You have performed the steps described at Step 1: Configure Tableau Server and establish a session in the Tableau Server Help
You can use the Identity Pools Postman collection in the Salesforce Developer's Postman workspace to learn about, develop, and test the methods described.
This functionality relates to the concepts and procedures described in the Set Up and Manage Identity Pools topic in the Tableau Server Help.
Add User to Identity PoolAdd a user to a specified identity pool.
This enables the user to sign in to Tableau Server using the specified identity pool. This method is not available for Tableau Cloud.
For more information about identity pools, see Provision and Authenticate Users Using Identity Pools(Link opens in a new window).
URIPOST /api/api-version/sites/site-id/users/identityPool
Parameter Values api-version The version of the API to use, such as3.26. For more information, see REST API and Resource Versions. site-id The ID of the site that is associated with the user you want to add to the identity pool. Request Body
<tsRequest>
<user
name="user-name"
siteRole="site-role"
id="user-id"
authSetting="authentication-configuration"
identityPoolUuid="idpool-uuid"
identityUuid="identity-uuid" />
</tsRequest>The name of the user to add.
site-roleSite role of the user. You can use one of the following values:
This method can only be called by Tableau Server administrators.
Response Code200
Response BodyExample response:
<tsResponse>
<user
identityPoolUuid="df47cf24-5ed3-11ed-9b6a-0242ac12000"
id="7ad8f89e-c2a1-44b4-9413-ac8a62286a7a"
name="Michele Kim" />
</tsResponse> Version 3.19 and later. For more information, see REST API and Resource Versions.
Errors HTTP statuserror Code Condition Details 400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML. 404 404000 Site not found The site ID in the URI doesn't correspond to an existing site. 405 405000 Invalid request method Request type was not POST. 429 429001 User conflict The specified user is already a member of the identity pool. 429 429002 Can't add user There was a problem and the user couldn't be added to the identity pool.
For more information, see Handling Errors.
Examplecurl "http://MY-SERVER/api/3.26/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/users/identityPool" -X POST -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd" -d @add-user-to-idpool.xml
MY-SERVER is the name or IP address of your server.9a8b7c6d5-e4f3-a2b1-c0d9-e8f7a6b5c4d is the ID of the site, as returned by a previous call to Sign In.12ab34cd56ef78ab90cd12ef34ab56cd is the credentials token returned by a previous call to Sign In.Content of add-user-to-idpool.xml:
<tsRequest>
<user id="7ad8f89e-c2a1-44b4-9413-ac8a62286a7a" />
</tsRequest>Example response:
<?xml version="1.0" encoding="UTF-8" ?>
<tsResponse version-and-namespace-settings>
<user identityPoolUuid="7b54b6a8-6095-11ed-9b6a-0242ac120002"
id="7ad8f89e-c2a1-44b4-9413-ac8a62286a7a" name="Michele Kim" />
</tsResponse>Remove a user from a specified identity pool.
This method is not available for Tableau Cloud.
URIDELETE /api/api-version/sites/site-id/users/user-id/identityPool/idpool-uuid
Parameter Values api-version The version of the API to use, such as3.26. For more information, see REST API and Resource Versions. site-id The ID of the site that is associated with the user you want to remove from the identity pool. user-id The ID of the user to remove from the identity pool. idpool-uuid The IDÂ of the identity pool to remove the user from. You can get the identity pool ID by calling the List Identity Pools(Link opens in a new window) endpoint in the Tableau RESTÂ OpenAPI. Request Body
None
cURL Request Examplecurl "http://MY-SERVER/api/3.26/sites/9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d/users/7ad8f89e-c2a1-44b4-9413-ac8a62286a7a/identityPool/" -X DELETE -H "X-Tableau-Auth:12ab34cd56ef78ab90cd12ef34ab56cd"
MY-SERVER is the name or IP address of your server.9a8b7c6d5-e4f3-a2b1-c0d9-e8f7a6b5c4d is the ID of the site, as returned by a previous call to Sign In.7ad8f89e-c2a1-44b4-9413-ac8a62286a7a is the IDÂ of the user to remove.df47cf24-5ed3-11ed-9b6a-0242ac12000 is the ID of the identity pool.12ab34cd56ef78ab90cd12ef34ab56cd is the credentials token returned by a previous call to Sign In.The response contains no body (data) if the user is successfully removed from the identity pool. The HTTP response code is 204 if the delete operation succeeded.
PermissionsThis method can only be called by Tableau Server administrators.
Response Code204
Response BodyNone
VersionVersion 3.19 and later. For more information, see REST API and Resource Versions.
Errors HTTP statuserror Code Condition Details 400 400000 Bad request The content of the request body is missing or incomplete, or contains malformed XML. 404 404000 Site not found The site ID in the URI doesn't correspond to an existing site. 405 405000 Invalid request method Request type was not DELETE. 429 429003 Can't remove user There was a problem and the user couldn't be removed from the identity pool.
For more information, see Handling Errors.
Delete Authentication ConfigurationDelete an authentication instance.
DELETE {server}/api/-/authn-service/auth-configurations/{id}
Delete Identity PoolDelete an identity pool.
DELETE {server}/api/-/authn-service/identity-pools/{uuid}
Delete Identity StoreDelete an identity store.
DELETE {server}/api/-/authn-service/identity-stores/{id}
Get Identity PoolGet information about an identity pool.
GET {server}/api/-/authn-service/identity-pools/{uuid}
List Authentication Configurations on ServerList information about all authentication instances associated with identity pools.
GET {server}/api/-/authn-service/auth-configurations
List Identity PoolsList all identity pools.
GET {server}/api/-/authn-service/identity-pools
List Identity StoresList information about all identity store instances used to provision users.
GET {server}/api/-/authn-service/identity-stores
Create Authentication ConfigurationCreate an instance of OpenID Connect (OIDC) authentication.
POST {server}/api/-/authn-service/auth-configurations
Create Identity PoolCreate an identity pool.
POST {server}/api/-/authn-service/identity-pools
Configure Identity StoreConfigure a new local identity store to provision users.
POST {server}/api/-/authn-service/identity-stores
Update Authentication ConfigurationUpdate an authentication instance.
PUT {server}/api/-/authn-service/auth-configurations/{id}
Update Identity PoolUpdate information about an identity pool.
PUT {server}/api/-/authn-service/identity-pools/{uuid}
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4