Configure Azure Databricks sign-on from Tableau Server

This article describes how to configure Azure Databricks sign-on from Tableau Server. After you complete this one-time configuration as an Azure Databricks account admin, users can connect from Tableau Server using SSO authentication.

The steps in this article aren't needed for Tableau Desktop and Tableau Cloud, which are enabled as OAuth applications in your Azure Databricks account by default.

This article is specific to custom Tableau Server OAuth application creation. For generic custom OAuth application creation steps, see the following:

• Enable custom OAuth applications using the CLI

Before you begin

Before you configure Azure Databricks sign-on from Tableau Server:

• You must be an Azure Databricks account administrator.
• Install the Databricks CLI and set up authentication between the Databricks CLI and your Databricks account.

You must also meet the following Tableau requirements:

• You have a Tableau Server installation with one of the following versions:
  • 2021.4.13 or above
  • 2022.1.9 or above
  • 2022.3.1 or above
• You're a Tableau Server administrator.

Add Tableau Server as an OAuth application

To add Tableau Server as an OAuth application to your Azure Databricks account, do the following:

1. Locate your account ID.

2. Locate your Tableau Server URL.

3. Run the following command:

   databricks account custom-app-integration create --confidential --json '{"name":"<name>", "redirect_urls":["<redirect-url>"], "scopes":["all-apis", "offline_access", "openid", "profile", "email"]}'
   

   • Replace <name> with a name for your custom OAuth application.
   • For <redirect-url>, append /auth/add_oauth_token to your Tableau Server URL. For example, https://example.tableauserver.com/auth/add_oauth_token.

   For more information about supported values, see POST /api/2.0/accounts/{account_id}/oauth2/custom-app-integrations in the REST API reference.

   A client ID and a client secret are generated, and the following output is returned:

   {"integration_id":"<integration-id>","client_id":"<client-id>","client_secret":"<client-secret>"}
   

   Note

   Enabling an OAuth application can take 30 minutes to process.

4. Securely store the client secret.

   Important

   You can't retrieve the client secret later.

Configure OAuth in Tableau Server

To configure OAuth in Tableau Server, do the following:

1. Sign in to Tableau Server as a server administrator.
2. In the sidebar, click Settings > OAuth Client Registry > Add OAuth client.
3. For Connection Type, select Databricks.
4. For Client ID, enter the client ID that was generated in Add Tableau Server as an OAuth application.
5. For Client Secret, enter the client secret that was generated in Add Tableau Server as an OAuth application.
6. For Redirect URL, enter the redirect URL from Add Tableau Server as an OAuth application.
7. Click Add OAuth client.

Troubleshoot OAuth configuration

This section describes how to resolve common issues with OAuth configuration.

404 error from your IdP

Issue: When you try to authenticate to Tableau Server, you see a 404 error.

Cause: OAuth is misconfigured.

Solution: Ensure that you have correctly configured OAuth.

Next steps

Users can now use SSO to authenticate to Azure Databricks from Tableau Server. See Connect Tableau and Azure Databricks.