On SAML login for Tableau Server Error "Unable to Sign In - Invalid username or password" received

Published: 06 Jan 2023
Last Modified Date: 06 Jan 2023


When logging into a Tableau Server using SAML, after authentication with the Identity Provider, the Tableau Server gives an error page that says "Unable to Sign In" followed by "Invalid username or password" underneath.

Additionally, the authnresponse from the Identity Provider contains the following:

<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Responder\"><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:RequestDenied\"/></samlp:StatusCode><samlp:StatusMessage>You are NOT authorized to access this Application.</samlp:StatusMessage><samlp:StatusDetail><Cause>org.sourceid.saml20.domain.AuthorizationException: You are NOT authorized to access this Application.</Cause></samlp:StatusDetail></samlp:Status>

Authnresponse is captured in:

  1. Network captures like Fiddler
  2. SAML trace utilities like Chrome SAML Tracer
  3. For Server-wide SAML, Tableau Server vizportal logs when vizportal.log.level is set to debug
  4. For Site-specific SAML, Tableau Server samlservice logs


  • Tableau Server 2021.1.4 and newer
  • SAML


The Identity Provider needs to assign the user to the Tableau Server application. This action will require an Identity Provider administrator.


User is not granted permission to the Tableau Server application on the Identity Provider.
Did this article resolve the issue?