I just got done working with Tableau to resolve this issue with Single Sign on and the Alteryx macro, Publish to Tableau Server.
We upgraded to version 10.5 of Tableau Server (this probably would have worked on a lesser version). Our setup uses Active Directory to set up the single sign on but because it uses SAML it does not synch the password.
That being said, the user password under Account Settings\Settings \Change Password is the key to all of this.
This password is actually your user password and is used for Rest API authentication. In order to test this, we created a local account and mirrored the same project and group permissions and we were able to login to the server using Postman.
<credentials name="UserName" password="Password">
<site contentUrl="" />
This worked and returned a 2 part Token, separated by a pipe "|".
To test our theory, we changed a test users password (Site admins cannot change their own password but can change other site admins password; go figure) to something we could remember and then used the username and new password to send through postman.
It worked! Then we tested with the Publish to Tableau Server macro and bingo!
Hopefully this helps some folks out there.