Deploy and Enjoy: Tableau Mobile at Enterprise Scale

# D e p l o y E n j o y M o b i l e

Paul Cardon

Staff Software Engineer

Tableau

Sham Dorairaj

Senior Software Engineer

Tableau

Sham Dorairaj

# D e p l o y E n j o y M o b i l e

Paul Cardon

# D e p l o y E n j o y M o b i l e

Tableau Mobile Team

We a r e b u t t w o o f m a n y :Test

User Experience

Support

Development

Documentation

# D e p l o y E n j o y M o b i l e

Tableau Champion

Tableau Server Administrator

IT/Operations

IT Security

You want to enable your Tableau Server users to enjoy Tableau on their mobile devices

You!

”Give our enterprise customers guidance on how to deploy Tableau Mobile in their network environments.”

Welcome and Introduction

Signing into Tableau ServerConnect > Trust > Authenticate

Mobile Device Management (MDM)Customize Tableau Mobile

Lagniappes

Tableau overviewTableau Mobile

is the fastest &

most delightful

way to stay on

top of your data

Tableau Mobile

Managing Mobile is Different

Mobile Platforms are unique:

Operating Systems

Apps & App Stores

Different Security Concerns

Bring-Your-Own-Device (BYOD) is common

Device is personal

Sign into Tableau Server

Signing into Tableau Server

1. Connect

2. Trust

3. Authenticate

Step 1: Connect

Private Network

Connect: Private Network (aka Intranet)

Private Network

Connect: Reverse Proxy

Private Network

Connect: Virtual Private Network (VPN)

Connect: The Cloud

Connect

Work with your Networking Team about which solution makes sense for your company

Signing into Tableau Server

1. Connect

2. Trust

3. Authenticate

Step 2: Trust

A Philosophical Argument?

When you die, if you get a choice between going to regular heaven or pie heaven, choose pie heaven. It might be a trick, but if it's not, mmmmmmmm, boy.

Jack Handey

When you choose your data transfer protocol, if you get a choice between an insecure protocol and a secure protocol, choose the secure protocol.

It won’t be a trick, so, mmmmmmmm, boy.

Paul Cardon

Trust: Why use HTTPS?

• S = Secure. SSL and TLS are secure protocols that enable HTTPS.

• HTTPS ensures you are talking to the correct server.

• HTTPS prevents eavesdropping.

• Apps in the iOS app store have to provide justification for supporting HTTP.

• Chrome browsers mark all HTTP–based sites and traffic as insecure.

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “1”Signed by “A”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “1”Signed by “A”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “2”Signed by “B”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “2”Signed by “B”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “MyTableau”Signed by “Company”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “MyTableau”Signed by “Company”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

“Company” Certificate Authority

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “MyTableau”Signed by “Company”

“Company” Certificate Authority

Trust: SSL Certificates

Certificate Authority ”A”

Certificate Authority ”B”

Server “MyTableau”Signed by “Company”

“Company” Certificate Authority

Signing into Tableau Server

1. Connect

2. Trust

3. Authenticate

Authentication

Why Authentication?

“workgroup session id”

Authentication types supported by Tableau Mobile:

Local Auth (User-Password)

SAML

Kerberos

Authentication

Server Info :

…

external_version : 2018.3

authentication :

type : user-password

Local Authentication

Local Authentication

“SAML” Authentication

Client

Identity Provider

Service Provider

Security

Assertion

Markup

Language

“SAML” Authentication

Security

Assertion

Markup

Language

Tableau Mobile

Identity Provider

Service Provider

“SAML” Authentication

Tableau Mobile

Identity Provider

Tableau Server

Security

Assertion

Markup

Language

SAML Authentication in a Webview

SAML Authentication in a Webview

Kerberos

Supports:Single Sign On for multiple services

Long lived sessions with Ticket Granting

Tickets (TGT)

Tableau requirements:Active Directory

Profile installed on the mobile device:

User principal name

Realm (your active directory domain)

If Kerberos fails, fall back can be configured.

Kerberos

Kerberos

User certificate decodes the ticket

User never types credentials!

Signed In!

Signing into Tableau Server

1. Connect

2. Trust

3. Authenticate

Users

I don’t want to

sign in ever again!

IT

I want my users

to be safe and renew

their sessions often!

Remembering Credentials

Tableau sessions expire after 4 hours of no use

… and you may need to enter credentials again

It Depends…

User–Password: If “Keep Me Signed In” is enabled, No

SAML: Yes

Kerberos: Only when Ticket Granting Ticket renewal is needed

Connected Clients to the Rescue!

Tableau Mobile for Tableau Online only (iOS, Android)

Identify Your Setup And Deploy To Users With MDM

Mobile Device Management

Mobile Device Management (MDM)

Secure

Configure

Distribute

Control

MDM: Secure Devices

Configure VPN

Entire device or per-app

Secure

MDM: Configure Devices

Install SSL certificates

Install Kerberos certificates

Configure email

Apple Device Enrollment Program (DEP)Configure

MDM: Apps

Can push apps to devicesAll your users could run the same version of Tableau Mobile

Control which groups of people get which apps

Distribute

MDM: Control Devices

Require device unlock passcode

Disable camera, screen capture, etc.

Specify the apps that can use cellular data

Remotely wipe device

Control

MDM: Systems

AppConfig(iOS Only) Compatible with:

VMWare AirWatch

MobileIron

Citrix XenMobile

Microsoft Intune

Pro Tip from Tableau DevIT: your MDM vendor can help

SDK Integration(iOS Only):

Customize Tableau Mobile

Customize Tableau Mobile

AppConfig

Industry standard, more info at appconfig.org

Publicly available app delivered with a special XML file containing key-value pairs

On startup, the app checks for these key-value pairs. If the app finds them, it uses them.

Customize Tableau Mobile

Reduce friction for users to sign in

Thanks to MDM: Experience can be tailored to different groups of users

Customize Tableau Mobile

Tableau Mobile AppConfig Key-Value Pairs

Key Value Type Example Value

AppServiceHosts string tableau.example.com, tableau-sales.example.com

AppServiceLabels string Main, Sales

CustomHostsTitle string Our Company Servers

RemoveTableauOnlineButt

onboolean true

HideServerNameField boolean true

RestrictUsername boolean true

UserName string janedoe

Documentation available online

Customize Tableau Mobile

Customize Tableau Mobile

AppServiceHosts =

tableau.example.com, tableau-sales.example.com

Customize Tableau Mobile

AppServiceHosts =

tableau.example.com, tableau-sales.example.com

AppServiceLabels =

Main, Sales

CustomHostsTitle =

Our Company Servers

Customize Tableau Mobile

AppServiceHosts =tableau.example.com, tableau-sales.example.com

AppServiceLabels =Main, Sales

CustomHostsTitle =Our Company Servers

HideServerNameField= trueRemoveTableauOnlineButton = true

Lagniappes

Tableau Data stored on your mobile device

Favorites cached on-device, viewable without a network connection

At regular intervals the app requests fresh versions of these offline favorites

Favorites are deleted on Sign Out or app removal

Configurable per site, under Offline Favorites

Configure Offline Favorites

Mobile App Bootstrap

Want to build your own custom mobile app? Consider starting here

Separate Objective-C and React Native versions

Objective-C library for Connected Clients

Was covered in depth in a separate session

Mobile app bootstrap | Custom mobile apps with embedded Tableau visualizations

Let us know if you’re developing custom mobile apps!

How We Troubleshoot: Certificates

SSL Detective and Certificate Inspector

iOS apps for on-device SSL certificate verification

How We Troubleshoot: General

Settings—Send Support LogsIncreases Tableau Mobile logging level

Shaking the device generates a log which can be shared with Tableau Support

Further Reading

Tableau & Mobile Security white paper

https://www.tableau.com/learn/whitepapers/tableau-mobile-security

Tableau Mobile Deployment Guide

https://onlinehelp.tableau.com/current/mobile/mobile-admin/en-us/admin_mobile_ace.html

Customize Tableau Mobile

https://onlinehelp.tableau.com/current/mobile/mobile-admin/en-us/admin_mobile_ace.html#Customize

Mobile App Bootstrap code

https://github.com/tableau/mobile-app-bootstrap-react-native

Tableau Mobile Rising | You CAN take it with youWednesday | Oct 24th | 3:30 PM – 4:30 PM

Data Village | Schedule in the TC18 mobile app

U P C O M I N G S E S S I O N S

Tableau Labs – Self Service Kiosk

Mobile app bootstrap | Custom mobile apps with embedded Tableau visualizations

PA S T S E S S I O N S

On the road again | Bring dashboards mobile with Device Designer

Your journey to amazing mobile dashboards

PA S T S E S S I O N S

Powering Boeing’s second century with actionable insights

Catering to customers at DEG | Creating painless, customized mobile reporting

Q & A

”Give our enterprise customers guidance on how to deploy Tableau Mobile in their network environments.”

Welcome and Introduction

Signing into Tableau ServerConnect > Trust > Authenticate

Mobile Device Management (MDM)Customize Tableau Mobile

Lagniappes

Please complete the

session survey from the My

Evaluations menu

in your TC18 app

Thank you!

#TC18

Paul Cardonpcardon@tableau.com sdorairaj@tableau.com