The Zuar Web Application Firewall (WAF) can integrate with Salesforce via a Salesforce Canvas App.

Canvas enables you to easily integrate a third-party application in Salesforce.

Canvas Apps and VisualForce Pages

In addition to standard canvas apps, Canvas also lets you expose a canvas app on a Visualforce page. This means you can display a canvas app anywhere you can display a Visualforce page.

The steps below are one time setup on the Salesforce side. These steps require a Salesforce administrator account.

Create a Salesforce Connected App

In the Salesforce UI, click Setup.

Search for "App Manager" and click App Manager.

Click "New Connected App".

Fill out the "New Connected App" form. Not all values are required.

Basic Information

  • Connected App Name: (e.g. "Zuar Rapid Portal")
  • API Name: (requires all lowercase and underscores) (e.g. "zuar_rapid_portal")
  • Contact Email: your Salesforce admin's address

API (Enable OAuth Settings)

  • Check Enable OAuth Settings
  • Callback URL: https://{rapid_portal_url}/keepAlive (e.g. https://analytics.yourcompany.com/keepAlive)
  • Selected OAuth Scopes - Select "Access your basic information (id, profile, email, address, phone)" and click Add
  • Check Require Secret for Web Server Flow

Canvas App Settings

IMPORTANT: Depending on your Tableau environment you will use either the signed or vaulted endpoint for the Canvas App URL below. signed is used for Tableau Server with trusted authentication. vaulted is used for Tableau Server without trusted authentication and Tableau Online (which doesn't have trusted authentication). vaulted will prompt the Tableau user for their Tableau password once. If the user's password changes, the user will be prompted again, once.

  • Check Canvas
  • Canvas App URL: https://{rapid_portal_url}/{signed or vaulted} (e.g. For Tableau Server with trusted authentication use https://analytics.yourcompany.com/signed and for Tableau Online use https://analytics.yourcompany.com/vaulted)
  • Access Method: Signed Request (POST)
  • Locations: Select "Visualforce Page" and click Add

Click Save.

Back on the "Manage Connected Apps" page, click Manage.

Click "Edit Policies".

OAuth Policies

  • Permitted Users - set to "Admin approved users are pre-authorized"

Click Save.

There is a new section named Profiles. Click Manage Profiles.

Check the box next to any profiles you wish to give access to and click Save.

Save the Salesforce Connected App's Consumer Secret

Go back to the App Manager (search "app manager").

Find the newly created Connect App and click View.

In the API (Enable OAuth Settings) section, next to Consumer Secret, click "Click to Reveal".

Save the Connected App's Consumer Secret. This will be needed for configuration on the Zuar Rapid Portal.

Tableau to Salesforce User Mapping

Usernames from Tableau Server/Online must be mapped to information from Salesforce (e.g. username, email).

Tableau Online usernames must be email addresses. Tableau Server usernames can be anything.

Salesforce requires that each username be unique and in the form of an email address. Learn more about Salesforce usernames.

User Mapping Options

  • userName
  • baseName
  • email
  • baseEmail

User Mapping Examples

Tableau Username Salesforce Username Salesforce Email User Mapping Options
user1@company.com user1@company.com user1@company.com userName or email
user1 user1@company.com user1@company.com baseName
user1@company.com user1+production@company.com user1@company.com email
user1 user1+production@company.com user1@company.com baseEmail

Typically using the email user mapping makes the most sense for Tableau Online user mapping and email or baseEmail makes the most sense for Tableau Server user mapping.

What if None of the User Mappings Fit your Naming Convention?

Let's say your Tableau and Salesforce usernames look like this:

Tableau Username Salesforce Username Salesforce Email
john_j_smith john@company.com johnjs@company.com

None of the four user mappings work for this Salesforce and Tableau naming convention:

  • userName - This would pass john@company.com from Salesforce to john_j_smith on Tableau. Not a match.
  • baseName - This would pass john from Salesforce to john_j_smith on Tableau. Not a match.
  • email - This would pass johnjs@company.com from Salesforce to john_j_smith on Tableau. Not a match.
  • baseEmail - This would pass johnjs from Salesforce to john_j_smith on Tableau. Not a match.

There are a few extra Salesforce steps you can take to solve this:

  1. Create a custom field (e.g. tableau_username__c) on your Salesforce User object and for each Tableau user, populate the custom field with that user's corresponding Tableau username. In our example above, we would populate the john@company.com Salesforce user's custom field with john_j_smith.
  2. Add a username parameter to the Visualforce APEX code that references this custom field. Read Displaying Field Values in Visualforce.
<apex:page >
<apex:canvasApp applicationName="{canvas_app}"
        'location': '/z/trusted/{tableau_view_url}',
        'username': '{! $User.tableau_username__c }'
    }" />

If username exists as a parameter in the Visualforce code, the value of username will be used to map the Salesforce user to the Tableau user.

So for our example above, regardless of the user mapping that is defined on the Portal, the username john_j_smith would be passed to Tableau when john@company loads the Visualforce page.

See more information about the overall process of embedding Tableau into Salesforce here:

Embedding Tableau Into Salesforce using Visualforce | Zuar
Market-leading CRM platform Salesforce.com recently acquired Tableau [https://investor.salesforce.com/press-releases/press-release-details/2019/Salesforce-Signs-Definitive-Agreement-to-Acquire-Tableau/default.aspx] , an innovative data visualization [https://www.zuar.com/blog/data-automation-improve-analysis-productivity/…

Next steps:

  1. Share your newly created Salesforce Connected App's Consumer Secret with Zuar either through your account manager or support.
  2. Share your Tableau to Salesforce user mapping naming convention with Zuar either through your account manager or support.
  3. Zuar will configure your Portal to use the Salesforce Connected App's Consumer Secret and User Mapping.
  4. Test the Salesforce Connected App after Zuar performs step 2 above.