Recently I helped one client to connect his Tableau Cloud to SharePoint, so let me share how it’s done, as Tableau documentation was not very helpful, so I had to do my own research.
What you’d need is:
- Your Tableau Cloud site location
- Azure App Registration (Entra Id), configured properly
- OAuth Client configured at the Tableau site settings
Having these steps done – you should be able to connect to data (SharePoint or Onedrive site or SharePoint list).
Here are the details…
Your Tableau Cloud location
You need it to build a Redirect URI. Tableau documentation says:
...Note the pod your Tableau Cloud site is located to ensure you enter the correct redirect URL during the registration process in Step 2 below. The redirect URL uses the following format:
https://<your_pod>.online.tableau.com/auth/add_oauth_token
For example, https://us-west-2b.online.tableau.com/auth/add_oauth_tokenSo, you would check this part in bold of your Tableau cloud instance:
https://us-west-2b.online.tableau.com/
and construct a Redirection URI:
https://us-west-2b.online.tableau.com/auth/add_oauth_token
Examples are:
https://10ay.online.tableau.com/auth/add_oauth_token
https://dub01.online.tableau.com/auth/add_oauth_token
https://us-east-1.online.tableau.com/auth/add_oauth_token
Azure (Entra Id) App Registration
You need an App Registration under Entra Id, with API permissions consented and Authentication configured
API permissions must be the following: Under Graph API, delegated Files.Read.All, Sites.Read.All, User.Read, offline_access:
Authentication blade. You’d add platform: Web and use Redirect URI as above. Example:
Secret
Secret you’d generate under App Registration Certificates and secrets:
Once secret is generated, copy the secret value in a safe place and do not share it.
Also, get your app id and tenant id (those are not secrets but I still prefer not to share):
At this moment you should have from your App registration:
- Tenant Id
- Client (App) Id
- Client Secret
- Redirect Url
Now we are ready to configure
OAuth Client at the Tableau Site Settings
Having Site Admin permissions (Tableau Site Admin, not SharePoint), you should be able from the left menu navigate to the bottom “Settings” and under General tab scroll down to the “OAuth client registry” and click “Add OAuth Client”.
You’d need two OAuth client configured – one for “OneDrive and SharePoint Online” and the other one for “SharePoint List (JDBC)”.
“OneDrive and SharePoint Online” Experience is:
Here your OAuth instance Url would be:
https://login.microsoftonline.com/<Teanan tId>/
e.g.:
https://login.microsoftonline.com/332d223e-c55f-4c38-af69-214fe2a73f0a/
Client Id, Client secret and Reirect Url you can get from Step 2.
“SharePoint List (JDBC)” experience:
Same here.
OAuth instance Url is: https://login.microsoftonline.com/<your tenant id>/
Client Id, client secret and redirect Url you get from Step2.
Now you are ready to connect…
Tableau Connect to Data: OneDrive and SharePoint Online
Connecting to Data from Tableau, you’d select “OneDrive and SharePoint Online” or “SharePoint List (JDBC)”
Connecting to “OneDrive and SharePoint Online” – you’ll be asked to provide “OAuth Instance Url” again:
So, again, you’d put your tenant Id instead of “common”. After connected, you’d see something like this:
Under OneDrive (personal files) – you’d see your own content located at your personal OneDrive site.
Under OneDrive (shared with you) – you’d see content shared with you and located at other’s personal OneDrive sites.
Under SharePoint sites – you’d see content of SharePoint sites you have access to – all content – documents, lists etc.
Connecting to “SharePoint List (JDBC)” – experience would be
So, you’d provide a specific site collection Url (not list), e.g.
https://contoso.sharepoint.com/teams/Test-Site-01
and you’d provide “OAuth Instance Url” again, just remember – replace “common” with your Tenant Id.
In both cases you should get a pop-up authentication window – provide your credentials after that you should be able to see data in SharePoint.
Possible error messages
Client secret
Client secret is an essential part. It is not market as required in the form, but without secret connection is not working. You can get something like this:
Tableau received an OAuth error from your request. Please see the error message for more information: 401 Unauthorized POST https://login.microsoftonline.com/—/oauth2/v2.0/token. (errorCode=170006)
Reply address
If you did not configure Authentication at your App Reg or configured incorrectly – you might get error message “Sorry, but we’re having trouble signing you in” “AADSTS900971: No reply address provided.”
