KNOWLEDGE BASE

Embedded Views Passing Through Guest Instead of AD Username


Published: 04 Jun 2015
Last Modified Date: 16 Mar 2018

Issue

Embedded views are not passing the user name through to Tableau Server. The views are showing the user as Guest. If testing with the same user clicking the link directly (remove url parameter embed=y), the correct username is displayed using Active Directory, with "Enable automatic logon" checked. 

The above applies to shared links because 'embed=y' is part of the link, by default.

User-added image

Environment

  • Tableau Server
  • Active Directory

Resolution

The behavior is expected behavior with Tableau Server. To force AD authentication you will need to make sure the guest user permissions are to deny viewing, which forces the fallback to the authentication system. This is recommended permissions setting on all project sites where you need to force active directory logons to deny viewing for guest users. In this way newly published workbooks inherit the guest deny access. 

 

Cause

The guest feature was designed this way to facilitate the business case of wanting to share a view on a public website where users do not need to be authenticated or on a private website or page where authentication is handled by the site itself. 

Additional Information

When using javascript or an iframe with url parameter embed=y to embed views, all authentication is bypassed and the requester is sent to the view as a guest if guest access is enabled. If the browser has a valid non-expired login cookie from previously authenticated session to the same server, the browser will include the cookie into the request for the web page, prompting Tableau Server to provide the authenticated view. 
Did this article resolve the issue?