Testing Tableau Dashboards with Single Sign-On (SSO) in Three Steps

The problem

If your company is using Single Sign-On (SSO) to authenticate and login to Tableau Server you will notice that running test cases in Kinesis CI with the default Login to Tableau task will fail and won’t let you into the Tableau Server. The reason is that every SSO setup has a custom login screen that is different at almost every company and giving a standard out-of-the-box solution that works everywhere is not possible. But don’t worry, you can easily create a Custom Login Task that will allow you logging into any SSO setup.

When logging into SSO or Custom Login Screens you need to:

  1. Use Drive Browser (SSO) task in Kinesis CI instead of Login to Tableau task
  2. Use Google Chrome Developer Tools to inspect your SSO page

A Real life example

Let’s say your SSO login screen looks like the picture below. You fill your corporate username and password in the form and on a successful login you will be redirected directly to the Tableau main page. Please note when SSO is enabled at your company you don’t see the default Tableau login. The default Tableau login form looks very different.

With Single sign-on you never see the original Tableau login screen but a third party provider login form i.e. Octa, Siteminder, etc.

Step 1: Add the Drive Browser (SSO) task at the first position in every test in Kinesis CI

The Drive Browser (SSO) task can fully control your browser. It can open sites, click a specific element on the page or wait until an item is fully loaded and a lot more. This flexibility makes it possible to fill non-standard login forms like SSO screens that are not developed and maintained by Tableau.

Drive Browser (SSO) needs to be the first item in the Task List

Step 2: Use Google Chrome to inspect and analyse your SSO login screen

We need to find the CSS selectors of the form items that we want to interact with. Go to View -> Developer -> Developer Tools in Google Chrome to show the additional menu and click on the inspect icon. Once you enabled the inspector mode by clicking on the icon in the bottom left corner you just need to hover on the form items, and it will pop the CSS selectors up:

  • Username inputbox: input#okta-signin-username
  • Password inputbox: input#okta-signin-password
  • Sign in button: input#okta-signin-submit.button.button-primary

Note: These are Okta specific default CSS selectors and your SSO form will be different if you use a different SSO provider. You will get different selectors but the principle is the same.

Inspecting and finding CSS selectors with Google Chrome Developer Tools

Step 3: Fill the Driver Browser (SSO) task commands list to do the login steps in the right order

Drive Browser (SSO) task requires a list of commands that details what steps you want to automate in the browser. In our case we want to (1) Navigate to the Tableau site, (2) Wait until the SSO form appears, (3) Fill the SSO form and click login and (4) Wait until redirected to the Tableau main page.

We need to translate the actions from step 2) into a consumable tabular format.

Browser Commands in the right order with CSS selectors captured in step 2)

Note 1: {{TABLEAU_URL}}, {{TABLEAU_USER}}, {{TABLEAU_PWD}} are dynamic variables and replaced at runtime to the actual values that you set up in the connection window. It is very important to know that these login credentials are not necessarily the SSO login credentials. If they are different then you can enter the correct user and password directly into the form, or alternatively you can set the credentials as User Defined Context Variables.

Note 2: Drive Browser (SSO) can reference items on the page by CSS or xPATH selectors. Both are very powerful tools to identify certain items on a web page. Google Chrome uses CSS selectors by default from point 2) so make sure the Query Selector is set to CSS.

Note 3: If you work on slower networks you can get timeout errors. In that case try to increase the Wait Timeout setting from the default 5 seconds to 10 or 15 seconds.

Test if everything works as expected

Try to run the test and you should see the SSO form automatically filled in and at the end you should land on the Tableau main page. Once it’s done you can add other tasks into the the task list, like Open Viz, Set Filter List, Assert Data Rules, Assert SQL Equals and others.

Other important notes

Also note that most of the features in Kinesis CI use the Tableau REST API and require a user to be created on the Tableau Server, even if the server is configured to use SAML. If you are trying to set up your test cases in Kinesis CI with a user that was not crated on the Tableau Server, you will experience issues when attempting to make a connection to your Server in Kinesis and viewing the Tableau file trees to set up your tests.

We recommend to use Kinesis CI with users created on Tableau Server. If your company uses SAML, and users are not generated on Tableau Server, but come from other systems, you will have to create a service account on Tableau server for designing and running your Kinesis tests to use the features in Kinesis CI more efficiently.