cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Tableau - Service Principal access

Go to solution
yit337
Contributor

โ€Ž02-13-2026 03:20 AM - edited โ€Ž02-13-2026 03:21 AM

Can I access Tableau with Service Principal by OAuth, or I have to create Personal Access Token for the SP?
I can't find this in the docs..

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
KartikBhatnagar
New Contributor III

โ€Ž02-23-2026 02:34 AM

In Tableauโ€™s Databricks connector, OAuth is user-based (U2M) โ€” it always logs in as a person via SSO. It does not support logging in as a service principal through the interactive OAuth flow.
If you need a non-human identity (e.g., for scheduled refresh or to avoid dependency on a user account), you must use a PAT generated for the service principal/Headless (or a service principalโ€“based token). OAuth in Tableau is not designed for SP login.

Kartik bhatnagar

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
bianca_unifeye
Databricks MVP

โ€Ž02-13-2026 05:23 AM

https://learn.microsoft.com/en-us/azure/databricks/partners/bi/tableau

You will need a token, please read best practices in the article above.

0 Kudos

Go to solution
yit337
Contributor

โ€Ž02-13-2026 06:18 AM - edited โ€Ž02-13-2026 06:19 AM

@bianca_unifeye 
I'm aware of the best practices. What confuses me is that when I open Tableau, I have two options to authenticate - OAuth and PAT. Currently I'm using the PAT generated from the Service Principal. But, when I try to login with the OAuth, it logs me with my user account, not the Service Principal. So, my question is: is it possible to login in Tableau with OAuth as Service Principal? Or do I have to create PAT for the SP, and login with it?

Best practices are to use OAuth to authenticate in Tableau - but how to do it for Service Principal?!

0 Kudos

Go to solution
bianca_unifeye
Databricks MVP
In response to yit337

โ€Ž02-16-2026 03:20 AM

  • If your requirement is โ€œTableau refreshes and access should not depend on any personโ€, then PAT for the SP (with rotation + least privilege) is typically the right approach.

  • If your requirement is โ€œeach Tableau user should access data as themselvesโ€, then OAuth (user identity) is the right approach.

OAuth in Tableau generally cannot โ€œlog in as a Service Principalโ€ because OAuth is tied to a user authorization step; Service Principals are meant for headless flows, and Tableauโ€™s OAuth UX doesnโ€™t target that scenario. PAT is the standard workaround for SP/non-user accounts.

0 Kudos

Go to solution
KartikBhatnagar
New Contributor III

โ€Ž02-23-2026 02:34 AM

In Tableauโ€™s Databricks connector, OAuth is user-based (U2M) โ€” it always logs in as a person via SSO. It does not support logging in as a service principal through the interactive OAuth flow.
If you need a non-human identity (e.g., for scheduled refresh or to avoid dependency on a user account), you must use a PAT generated for the service principal/Headless (or a service principalโ€“based token). OAuth in Tableau is not designed for SP login.

Kartik bhatnagar
0 Kudos
Announcements