Set up OAuth for Google (2024)

Table of Contents
Summary of steps Obtain a client ID and enable Google APIs Configure Tableau Server for Google OAuth Configure custom OAuth for a site 1: Prepare the OAuth client ID, client secret, and redirect URL 2: Register the OAuth client ID and client secret 3: Validate and update saved credentials 4: Notify users to update their saved credentials Create and edit Google data source Managing access tokens Forward proxy for OAuth authentication FAQs

By default, the Google Analytics, Google BigQuery, and Google Sheets (deprecated in Tableau version 2022.1) connectors use a managed keychain for OAuth tokens that are generated for Tableau Server by the provider and shared by all users on the same site.

You can convert the connectors that use managed keychain to use saved credentials by configuring Tableau Server with an OAuth client ID and secret for each connector.

This topic describes how to set up your Google Analytics, Google BigQuery, and Google Sheets connections for OAuth with saved credentials. Complete these steps for each Tableau Server instance.

Note: Google Drive connections use saved credentials by default and, starting in Tableau 2022.3, require Tableau Server to be set up with an OAuth client ID and secret for Google.

For more information about managed keychain and saved credentials, see OAuth Connections

Notes:

  • All Google-based connectors require managed keychain (default), server-wide OAuth, or site-specific OAuth.
  • To use saved credentials for a site, server-wide OAuth must be configured first.
  • Server-wide OAuth can be used whether site-wide OAuth is configured.
  • If using site-specific OAuth, each site must be configured individually.
  • To support live connection prompts, editing connections, and web authoring, convert managed keychain to saved credentials to avoid errors.

Summary of steps

Set up OAuth by following these general steps:

  1. Enable API access and create an access token from Google.
  2. Use the information you obtained in step 1 to configure Tableau Server.
  3. (Optional)Configure site-specific OAuth.
  4. Create and edit a Google data source.

Obtain a client ID and enable Google APIs

Note These steps reflect the settings in the Google Cloud Platform console at the time of this writing. For more information, see Using OAuth2.0 for Web Server Applications(Link opens in a new window) in the Google Developers Console Help.

  1. Sign in to Google Cloud Platform(Link opens in a new window), and then click Go to my console.

  2. On the dropdown menu, Select a Project, select Create project.

  3. In the new project form that appears, complete the following:

    • Give the project a meaningful name that reflects the Tableau Server instance for which you’ll use this project.

    • Determine whether you want to change the project ID.

      NoteAfter you create the project, you won’t be able to change the project ID. For more information, click the question mark icons.

      Set up OAuth for Google (1)

  4. Open the new project, navigate to APIs &Services > OAuth consent screen. and select the User Type.

    See Also
    AuthenticationSet the User Authentication TypeSalesforce AuthenticationTutorial: Microsoft Entra SSO integration with Tableau Cloud - Microsoft Entra ID

  5. Click the OAuth consent screen tab and then enter a meaningful name for the Product name shown to users.

  6. Click Credentials and click the Create Credentials tab, then click OAuth client ID.

  7. Onthe Create OAuth client ID screen, fill out the required fields. Follow the steps to authorize your OAuth tokens:

    • Select Web Application.

    • Enter a client Name.

    • For Authorized JavaScript Origins, click ADD URI and enter the Tableau Server domain name using HTTP or HTTPs.

    • For Authorized redirect URIs, click ADD URI and replace the example text with the Internet address for your Tableau Server, and add the following text to the end of it:auth/add_oauth_token. For example:

      https://your_server_url.com/auth/add_oauth_token

  8. Copy the Authorized Redirect URI, and paste it in a location that you can access from your Tableau Server computer.

  9. Click Create .

  10. Copy the following values that Google returns, and paste them in a location that you can access from your Tableau Server computer:

    • Client ID
    • Client secret

  11. In APIs & services, verify that BigQuery API,Google Drive API (to enable Google Sheets), or Analytics API is enabled. To enable APIs, click ENABLEAPI at the top of the page.

    Note: To establish a connection between Tableau Server and Google Analytics 4, you must enable both the Google Analytics Admin API and the Google Analytics Data API in the Google console. By adding these APIs, you can prevent any potential permissions errors that may arise during the process.

Configure Tableau Server for Google OAuth

Using the information you obtained by completing the steps in Obtain a client ID and enable Google APIs, configure your Tableau Server:

  • On the Tableau Server computer, open the shell and run the following commands to specify the access token and URI:

    tsm configuration set -k oauth.google.client_id -v <your_client_ID>

    tsm configuration set -k oauth.google.client_secret -v <your_client_secret>

    tsm configuration set -k oauth.google.redirect_uri -v <your_authorized_redirect_URI>

    tsm pending-changes apply

    If the pending changes require a server restart, the pending-changes apply command will display a prompt to let you know a restart will occur. This prompt displays even if the server is stopped, but in that case there is no restart. You can suppress the prompt using the --ignore-prompt option, but this does not change the restart behavior. If the changes do not require a restart, the changes are applied without a prompt. For more information, see tsm pending-changes apply.

Configure custom OAuth for a site

You can configure a custom Google OAuth client for a site.

Consider configuring a custom OAuth client to 1) override an OAuth client if configured for the server or 2) enable support for securely connecting to data that requires unique OAuth clients.

When a custom OAuth client is configured, the site-level configuration takes precedence over any server-side configuration and all new OAuth credentials created use the site-level OAuth client by default. No Tableau Server restart is required for the configurations to take effect.

Important: Existing OAuth credentials established before the custom OAuth client is configured are temporarily usable but both server administrators and users must update their saved credentials to help ensure uninterrupted data access.

1: Prepare the OAuth client ID, client secret, and redirect URL

Before you can configure the custom OAuth client, you need the information listed below. After you have this information prepared, you can register the custom OAuth client for the site. For more information, see the section Register OAuth Client With Snowflake, above.

  • OAuth client ID and client secret: First register the OAuth client with the data provider (connector) to retrieve the client ID and secret generated for Tableau Server.

  • Redirect URL: Note the correct redirect URL. You will need this during the registration process in Step 2 below.

    https://<your_server_name>.com/auth/add_oauth_token

    For example, https://example.com/auth/add_oauth_token

2: Register the OAuth client ID and client secret

Follow the procedure described below to register the custom OAuth client to the site.

  1. (Versions 2024.1 and earlier) On the Tableau Server computer, run the following command to enable the Snowflake OAuth service:

    tsm configuration set -k native_api.enable_snowflake_privatelink_on_server -v true

    Note: For versions 2024.2 and newer, skip step 1 regardless of whether a Snowflake private connection is being used or not.

  2. Sign in to your Tableau Server site using your admin credentials and navigate to the Settings page.

  3. Under OAuth Clients Registry, click the Add OAuth Client button.

  4. Enter the required information, including the information from Step 1 above:

    1. For Connection Type, select the connector whose custom OAuth client you want to configure.

    2. OAuth Instance URL is required if multiple OAuth clients are being registered. Otherwise, it is optional.

    3. For Client ID, Client Secret, and Redirect URL, enter the information you prepared in Step 1 above.

    4. Click the Add OAuth Client button to complete the registration process.

    Set up OAuth for Google (2)

  5. (Optional) Repeat step 3 for all supported connectors.

  6. Click the Save button at the bottom or top of the Settings page to save changes.

3: Validate and update saved credentials

To help ensure uninterrupted data access, you (and your site users) must delete the previous saved credentials and add it again to use the custom OAuth client for the site.

  1. Navigate to your My Account Settings page.

  2. Under Saved Credentials for Data Sources, do the following:

    1. Click Delete next to the existing saved credentials for the connector whose custom OAuth client you configured in Step 2 above.

    2. Next to connector name, click Add and follow the prompts to 1) connect to the custom OAuth client configured in Step 2 above and 2) save the latest credentials.

4: Notify users to update their saved credentials

Make sure you notify your site users to update their saved credentials for the connector whose custom OAuth client you configured in Step 2 above. Site users can use the procedure described in Update saved credentials to update their saved credentials.

Create and edit Google data source

Next, you must publish the Google data sources to the server. For example, see the Tableau Desktop topic, Google BigQuery(Link opens in a new window).

After you've published the data sources, the final step is to edit the data source connection to use the embedded access token that you configured earlier. See Edit Connections on Tableau Server.

Managing access tokens

After you configure the server for OAuth, you can allow users to manage their own access tokens in their profile settings, or you can manage the tokens centrally. For more information, see Allow Saved Access Tokens.

Forward proxy for OAuth authentication

For more information about setting up a forward proxy with OAuth authentication for Tableau Server (Windows only), see Configure a Forward Proxy for OAuth Authentication(Link opens in a new window) in the Tableau Help.

Set up OAuth for Google (2024)

FAQs

How to setup OAuth for Google? ›

Go to the Google Cloud Platform Console Credentials page. If it's not already selected, select the project that you want to update. From the list of OAuth 2.0 Client IDs, click the client you want to generate a new client secret for. On the client details page, click Add Secret on the right side to add a new secret.

Read On
Is Google OAuth free? ›

For the basic information like name, email and user ID is free for it is within the free tier of Oauth. However, there might be some indirect costs like free tier limits which have a limit on the number of requests you can make. Exceeding these limits might require a paid plan.

Discover More Details
How to set up Google Auth? ›

Set up Google Authenticator for your Google Account
  1. On your Android device, go to your 2-Step Verification settings for your Google Account. You may need to sign in.
  2. Tap Set up authenticator. On some devices, tap Get Started.
  3. Follow the on-screen steps.

Continue Reading
How to enable OAuth in Gmail? ›

Gmail with OAuth2 setup in Google Cloud Platform

Click on +ENABLE APIS AND SERVICES to add the Gmail API to your project. Type Gmail in the search field and click on the Gmail API result. Click Enable under the Gmail API. Once enabled, you are prompted to create credentials in order to use the Gmail API.

See Details
How to set up OAuth authentication? ›

Create authorization credentials
  1. Go to the Credentials page.
  2. Click Create credentials > OAuth client ID.
  3. Select the Web application application type.
  4. Complete the form. Applications that use JavaScript to make authorized Google API requests must specify authorized JavaScript origins.

Find Out More
How do I comply with Google's OAuth 2.0 policy? ›

You must create a separate OAuth client for each platform on which your app will run, such as a web server, an Android app, an iOS app, or a limited-input device. You must choose the client type that best matches the platform. For instance, you should not use a "web" client type for your native Android or iOS app.

Tell Me More
How does Google OAuth work? ›

OAuth is a standard that apps can use to provide client applications with “secure delegated access”. OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. OAuth allows for: Different access levels: read-only VS read-write.

Show Me More
Does Google use OAuth or OpenID? ›

For example, apart from being OAuth2 compliant Google is also an OpenID provider. OpenID Connect has two flows. Both are based on OAuth2, but also return an ID token(which is a JSON Web Token) along with an access token, enabling both authentication and authorization.

Explore More
How to get OAuth access token? ›

  1. Obtain OAuth 2.0 credentials from the Google API Console.
  2. Obtain an access token from the Google Authorization Server.
  3. Examine scopes of access granted by the user.
  4. Send the access token to an API.
  5. Refresh the access token, if necessary.
Jul 16, 2024

Continue Reading
How do I get Google authorization? ›

Authorize your Google Account
  1. Open Configuration Manager and click Google Domain Configuration.
  2. Click Authorize Now. Sign In.
  3. Sign in to your Google Account as a super admin.
  4. Click Allow. Configuration Manager receives the verification code and authorizes GCDS.
  5. Close the browser window.

Show Me More

How can I get a setup key for Google Authenticator? ›

While setting up an authenticator app for 2FA you can view the setup key which we automatically generate as a QR code, but which can also be read in plain text by clicking on View setup key. It is sometimes also referred to as a "backup code" or "secret seed code".

Read The Full Story
How do I manually install Google Authenticator? ›

Download Google Authenticator on your Android device:
  1. Find the Google Play icon on your device and tap to open.
  2. Using the search function simply type in 'Google Authenticator' and tap the search icon.
  3. The app will display.
  4. Tap on the app icon and then the 'install' button.

See Details
How to configure OAuth in Google? ›

In the Google Cloud console, go to Menu menu > APIs & Services > OAuth consent screen. Select the user type for your app, then click Create. Complete the app registration form, then click Save and Continue.

Get More Info Here
Does Gmail require OAuth? ›

Starting in autumn of 2024, you and your users must use OAuth with third-party apps to access Gmail, Google Calendar, and Google Contacts. OAuth is a more secure access method.

Continue Reading
How do I enable OAuth 2.0 for email? ›

Enable OAuth 2.0 for email
  1. ServiceNow plugins. Activate a plugin. Activate a plugin on a personal developer instance. Request a plugin. ...
  2. Find components installed with an application.
  3. Available system properties.
  4. Query join and complexity size limits.
  5. Web proxy. NTLM authentication. Proxy servers for SOAP clients.

View More
How to use OAuth on Google Drive? ›

Basic steps
  1. Obtain OAuth 2.0 credentials from the Google API Console. ...
  2. Obtain an access token from the Google Authorization Server. ...
  3. Examine scopes of access granted by the user. ...
  4. Send the access token to an API. ...
  5. Refresh the access token, if necessary.
Jul 16, 2024

View Details
Top Articles
How to Clone Hard Drive Using Command Prompt for Windows 11/10/8/7
What's Wrong with Guided Reading? - Campbell Creates Readers
I Make $36,000 a Year, How Much House Can I Afford | SoFi
Couchtuner The Office
Rabbits Foot Osrs
Devotion Showtimes Near Mjr Universal Grand Cinema 16
EY – все про компанію - Happy Monday
CKS is only available in the UK | NICE
Chuckwagon racing 101: why it's OK to ask what a wheeler is | CBC News
Barstool Sports Gif
Xrarse
AB Solutions Portal | Login
Lost Pizza Nutrition
Missing 2023 Showtimes Near Lucas Cinemas Albertville
Pro Groom Prices – The Pet Centre
Gas Station Drive Thru Car Wash Near Me
Koop hier ‘verloren pakketten’, een nieuwe Italiaanse zaak en dit wil je ook even weten - indebuurt Utrecht
The Murdoch succession drama kicks off this week. Here's everything you need to know
800-695-2780
Bfg Straap Dead Photo Graphic
Busby, FM - Demu 1-3 - The Demu Trilogy - PDF Free Download
Andhrajyothy Sunday Magazine
Kingdom Tattoo Ithaca Mi
Happy Homebodies Breakup
Booknet.com Contract Marriage 2
Cars & Trucks - By Owner near Kissimmee, FL - craigslist
Is Light Raid Hard
Worthington Industries Red Jacket
101 Lewman Way Jeffersonville In
950 Sqft 2 BHK Villa for sale in Devi Redhills Sirinium | Red Hills, Chennai | Property ID - 15334774
LG UN90 65" 4K Smart UHD TV - 65UN9000AUJ | LG CA
Jeep Cherokee For Sale By Owner Craigslist
Cbs Trade Value Chart Week 10
Skroch Funeral Home
Cheap Motorcycles Craigslist
2012 Street Glide Blue Book Value
American Bully Xxl Black Panther
Why Holly Gibney Is One of TV's Best Protagonists
Winco Money Order Hours
The Banshees Of Inisherin Showtimes Near Reading Cinemas Town Square
Let's co-sleep on it: How I became the mom I swore I'd never be
Ursula Creed Datasheet
Sound Of Freedom Showtimes Near Lewisburg Cinema 8
8776725837
Cleveland Save 25% - Lighthouse Immersive Studios | Buy Tickets
Cch Staffnet
Playboi Carti Heardle
Nope 123Movies Full
Union Supply Direct Wisconsin
Wwba Baseball
Tweedehands camper te koop - camper occasion kopen
Obituary Roger Schaefer Update 2020
Latest Posts
What is network bandwidth and how is it measured?
12 Essential Customer Service Skills In 2024
Article information

Author: Mr. See Jast

Last Updated:

Views: 5528

Rating: 4.4 / 5 (55 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Mr. See Jast

Birthday: 1999-07-30

Address: 8409 Megan Mountain, New Mathew, MT 44997-8193

Phone: +5023589614038

Job: Chief Executive

Hobby: Leather crafting, Flag Football, Candle making, Flying, Poi, Gunsmithing, Swimming

Introduction: My name is Mr. See Jast, I am a open, jolly, gorgeous, courageous, inexpensive, friendly, homely person who loves writing and wants to share my knowledge and understanding with you.