KNOWLEDGE BASE

Error "Unable to Sign In. User account not found" After Configuring SAML on Tableau Server


Published: 03 Feb 2017
Last Modified Date: 06 Aug 2019

Issue

After configuring Tableau for SAML authentication, users are unable to login, and the following error occurs: 

Unable to Sign In
User account not found

 

Environment

  • Tableau Server
  • Tableau Online
  • SAML

Resolution

Ensure that the username value sent to Tableau Server or Tableau Online from the Identity Provider (IdP) exactly matches the username in Tableau Server or Tableau Online.

For example, for the user below, the username value sent from the IdP will need to be "test", not "test user" or "test@test.com".
 
User-added image

If the username value on the IdP side does not match the Tableau Server or Tableau Online username, consider one of the following options to align the values.

Option 1

If a value on the IdP other than username matches the Tableau Server username.

For example, if the display name matches the Tableau Server username you can do one of the following:

For Tableau Server for Windows versions 2018.2 and newer or for Tableau Server for Linux:

Set an attribute rule on the IdP to send the display name value as the username.
  • Use TSM to tell Tableau Server to evaluate the displayname as the username. This can be done in the TSM UI as described under step 5 of the SAML settings in Configure Server-Wide SAML.
  • It can also be done in the TSM CLI by running the following command from a cmd prompt opened as an administrator:
tsm authentication saml map-asssertions --user-name displayname
Note: This command is case sensitive, so be sure to specify the attribute name exactly as it is shown on the IdP. For example, if the IdP attribute is "DisplayName", use DisplayName and not displayname in the TSM comman

For Tableau Server for Windows versions 2018.1 and earlier:

Use tabadmin to tell Tableau Server to evaluate the displayname as the username:
  1. Open a command prompt as an administrator
  2. Navigate to the Tableau Server bin folder, located by default at C:\Program Files\Tableau\Tableau Server\<version>\bin and enter the following command: 
    tabadmin set wgserver.saml.idpattribute.username displayname

    Note: This command is case sensitive, so be sure to specify the attribute name exactly as it is shown on the IdP. For example, if the IdP attribute is "DisplayName", use DisplayName and not displayname in the tabadmin set command.

Option 2

If there is no value on the IdP side that matches the Tableau Server or Tableau Online username, or it is not possible to make changes to the IdP.

  • Change the usernames in Tableau Server or Tableau Online to match what the IdP is able to send.

Cause

The username value sent from the IdP does not match the Tableau Server or Tableau Online username. 

Additional Information


If there are users on non-default domains,the username value for these users must include the domain prefix.
Did this article resolve the issue?