KNOWLEDGE BASE

Error "Unable to Sign In. User account not found" After Configuring SAML on Tableau Server


Published: 03 Feb 2017
Last Modified Date: 10 Feb 2017

Issue

After configuring Tableau for SAML authentication, users are unable to login, and the following error occurs: 
Unable to Sign In
User account not found

User-added image

Environment

  • Tableau Server
  • SAML

Resolution

Ensure that the username value sent to Tableau Server from the Identity Provider (IdP) exactly matches the username in Tableau Server. 
For example:
For the user below, the username value sent from the IdP will need to be "test", not "test user" or "test@test.com".
User-added image
 

Cause

The username value sent from the IdP does not match the Tableau Server username. 

Additional Information

​If the username value on the IdP side does not match the Tableau Server username, consider one of the following options to align the values:

If a value on the IdP other than username matches the Tableau Server username

For example, if the display name matches the Tableau Server username you can do one of the following:
  • Set an attribute rule on the IdP to send the display name value as the username
  • Use tabadmin to tell Tableau Server to evaluate the displayname as the username:
    1. Open a command prompt as an administrator
    2. Navigate to the Tableau Server bin folder, located by default at C:\Program Files\Tableau\Tableau Server\<version>\bin and enter the following command: 
      tabadmin set wgserver.saml.idpattribute.username displayname

      Note: This command is case sensitive, so be sure to specify the attribute name exactly as it is shown on the IdP. For example, if the IdP attribute is "DisplayName", use DisplayName and not displayname in the tabadmin set command.

If there is no value on the IdP side that matches the Tableau Server username, or it is not possible to make changes to the IdP

  • Change the usernames in Tableau Server to match what the IdP will be able to send.
If there are users on non-default domains,the username value for these users must include the domain prefix.
Did this article resolve the issue?