Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!
The Product Idea boards have gotten an update to better integrate them within our Product team's idea cycle! However this update does have a few unique behaviors, if you have any questions about them check out our FAQ.

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Active Directory for Publish To Tableau Server Tool

At our organization we are required to change our passwords every few months forcing a change to my Tableau Server password.  How does this relate to Alteryx?  Well, every 90 days I have to change my password in the "Publish to Tableau Server Tool" for all of my workflows.  This is quite a cumbersome process that could be eliminated with AD.

 

If you dislike manually changing your for each workflow that uses this tool then "star" this post!

 

 

 

13 Comments
phillipc
5 - Atom

From a security standpoint, it would be great if we didn't have to store credentials in the workflow.  

gnelson
5 - Atom

Kerberos authentication (which can cover Active Directory) would be nice as then there's the possibility workflows run on demand could use delegation for databases with row level security.

andrewdatakim
12 - Quasar
12 - Quasar

@HJackson,

 

We had the same problem and were annoyed at having to go into each of the workflows for an adjustment, especially when they are packaged and scheduled.  

 

The work around we came up with was to store the credentials in a section of a DB that only each user could access their own credentials.  Think of using the Kerberos and AD permissions of the DB for accessing your own credentials.  What this allowed us to do is update the credentials in one location every 90 days without having to go into the workflows.  *This only works if your security team is okay with it.  

andrewdatakim
12 - Quasar
12 - Quasar

@HJackson,

 

Another option if you are only a Designer User, who doesn't share macros, is to wrap the Publish to Tableau Server in your own macro with your credentials embedded.  Then you still only have one location to update (the new macro), as long as the workflow containing the new Publish to Tableau Server isn't packaged.  I don't like embedding the credentials, but when the effects are so widespread and effect production all at the same time, there isn't much choice. 

 

We we currently have a macro that allows us to select which server we would to publish to and it creates an internal audit tde and the reporting tde.  

HJackson
7 - Meteor

Hello @AndrewDataKim - 

 

Unfortunately, our security team would not support #1, and as for #2 wouldn't Alteryx Server require you to refresh your macro (reupload) every 90 days? 

 

All the hacks are very labor intensive for what should be a simple solution enabled by the tool.  During Inspire17 I spoke with the product team, and they had never had this request before.  Their suggestion was to post it to the community in hopes that it could get enough upvotes to garner attention by their limited resources. 

 

Thanks for your vote!

ARich
Alteryx Alumni (Retired)
Status changed to: Under Review

Hi All,

 

Thanks for the feedback on this. We're currently looking into effort and feasibility in hopes that we can get this on the short-term roadmap.

 

Best,

Alex

ARich
Alteryx Alumni (Retired)

Hi All,

 

I need some clarification around this ask. You can use your AD credentials in the Publish to Tableau Server macro- you just have to include your domain name as part of the username. Is this what is being asked for?

 

Best,

Alex

HJackson
7 - Meteor

 

Hi Alex

 

The ask is to eliminate the need to provide your active directory password directly into each individual workflow that contains the tool, and rather have this tool or alteryx itself integrate directly with AD.  Right now, when you change your password in AD, you then have to go and change it in every workflow.  If these workflows are published to alteryx server, you have to republish said workflows with updated credentials as well.  This is a lot of extra steps that reduces the attractiveness of the publish tool.  Ideally, any change to an AD password would be automatically picked up by alteryx with no need for the end user to manually exchange credentials (ie integration with onelogin or similar mechanism).

ARich
Alteryx Alumni (Retired)
Status changed to: Partner Dependent

Hi All,

 

We did look into this and there are some dependencies on the Tableau API side that need to be addressed prior to us implementing. We've let our contacts at Tableau know there's a need for this.

 

Best,

Alex

gpoulson97
5 - Atom

Hello Alex, 

 

I was wondering what the status of this change is as the company I work for is having similar issues with having to change passwords in every workflow referencing a publish to tableau server tool. 

 

Thanks, 

Grant