TLDR:
To embed a Tableau dashboard in a web app, you host your dashboards on Tableau Cloud or Tableau Server and load them inside your application using the Tableau Embedding API or an <tableau-viz> web component. You then secure access with an authentication pattern like SSO, trusted authentication, or Tableau Connected Apps with JWT, and pay for both Tableau licenses and any embedded viewer pricing.
In technical terms, embedding Tableau dashboards means integrating interactive Tableau views directly into a web application, portal, or SaaS product UI while preserving security, permissions, and row-level security (RLS). Modern implementations use Tableau Connected Apps plus JSON Web Tokens (JWT) to create a trust relationship between your app and Tableau, letting you sign users in silently and enforce fine-grained access control.
On the commercial side, you typically combine Creator, Explorer, and Viewer licenses (e.g., $75 / $42 / $15 per user per month for standard deployments in 2025, billed annually) and, for larger embedded use cases, additional embedded viewer or core licensing that can run into the tens of thousands of dollars per year.
This guide walks you through:
How embedding actually works in web apps
The main authentication patterns (public, SSO, trusted tickets, Connected Apps JWT/OAuth)
What pricing really looks like in 2025, including hidden cost drivers
A practical decision framework for mid-sized SaaS and internal app teams
How to get started quickly with an embed starter repo and consulting support
Why do teams want to embed Tableau dashboards in web apps?
If you are building a SaaS product, a customer portal, or an internal web app, your users don’t want “yet another analytics tool” with a separate login. They want charts, KPIs, and drill-down dashboards inside the experience they already use. Embedding Tableau dashboards lets you reuse your existing analytics stack while shipping a “native-looking” analytics layer in your app.
For product and data leaders, this is attractive because:
You reuse existing Tableau skills and assets instead of building custom charts from scratch.
You keep governance, data models, and RLS in Tableau, not scattered across microservices.
You can move faster from proof-of-concept to production embedded analytics.
However, once you move beyond simple public embeds, you hit two complex questions:
How do we authenticate users securely?
How much will Tableau embedded analytics really cost at scale?
This article answers both from a mid-market, MOFU perspective: you already use (or are considering) Tableau and want to know the practical path to embed Tableau dashboards in your web apps without blowing up security or budget.
What does it actually mean to embed a Tableau dashboard in a web app?
At a high level, to embed a Tableau dashboard you:
Host content on Tableau Cloud or Tableau Server.
Expose it via URL or via the Tableau Embedding API v3 (with the
<tableau-viz>web component).Place that component inside your web app (React, Angular, Vue, .NET, etc.).
Authenticate users (public, SSO, JWT, etc.) and map them to Tableau identities.
Apply permissions & row-level security, so each user only sees their data.
From a user’s point of view, they just see:
A page like
/analyticsin your appA dashboard with filters, tooltips, and drill-down
No separate Tableau login screen when embedded authentication is done right
From a technical point of view, the key pieces are:
Tableau site: Where dashboards live (Tableau Cloud or Server).
Embedding layer: HTML/JS snippet or
<tableau-viz>in your app.Auth & SSO: How your app proves user identity to Tableau (SAML, OAuth, JWT, trusted tickets).
Governance: Groups, roles, and RLS in Tableau for secure embedded analytics.
How does Tableau embedding architecture work end-to-end?
Think of Tableau embedded analytics as three layers:
Presentation layer (your app)
React/Next.js, Angular, Vue, or server-rendered UI.
Uses
<tableau-viz>or an iframe to embed content from Tableau.
Identity & auth layer
Your app’s identity provider (Azure AD, Okta, Auth0, Keycloak, etc.).
Optional external authorization server (EAS) that issues JWTs for Tableau Connected Apps.
Tableau’s own user identities mapped to your users.
Analytics & data layer
Tableau Cloud or Tableau Server with workbooks and data sources.
RLS rules embedded in data sources, calculations, or policies.
Basic flow when you embed a Tableau dashboard with Connected Apps + JWT:
User signs into your web app (via your IdP).
Your backend calls an external authorization server (or runs its own logic) to create a signed JWT for Tableau.
You render
<tableau-viz>in the front end, passing the JWT token.Tableau verifies the token (signature + claims) and creates a session mapped to a Tableau user.
Dashboard loads with correct permissions and RLS applied.
This is currently Tableau’s recommended pattern for secure embedded analytics with SSO—especially when you want a seamless user experience in a customer-facing web app
Which authentication patterns can you use to embed Tableau dashboards?
When teams first search “how to embed Tableau dashboard”, they often start with a simple iframe, then quickly realize they need a more robust auth pattern. Here are the main options, from least to most enterprise-ready.
1. Public or guest access embedding
What it is:
Make the view public or accessible to unauthenticated users, then use a simple embed URL in an iframe or
<tableau-viz>.
When it’s used:
Marketing sites, blog posts, demo environments where data is not sensitive.
Pros:
Easiest way to embed Tableau dashboard.
No auth logic in your app.
Cons:
No personalization or RLS.
Not acceptable for most production customer portals or internal KPIs.
This is fine for top-of-funnel experiences, not for signed-in analytics.
2. SAML-based SSO with Tableau Online or Server
What it is:
Configure Tableau as a service provider (SP) with your SAML IdP (Okta, Azure AD, etc.).
When a user hits an embedded view, they’re redirected to SSO and then back into Tableau.
Pros:
Centralized identity control via your IdP.
Works well for internal enterprise users.
Cons:
Redirects may cause flicker or login prompts if session management isn’t tuned.
Less suitable for external customers who don’t live in your corporate IdP.
This works best for internal apps where everyone is already on your SSO.
3. Trusted Authentication (Trusted Tickets)
What it is:
Your web server authenticates the user, then requests a trusted ticket from Tableau Server.
You embed the dashboard using that ticket so Tableau trusts the user identity without re-prompting for credentials.
Pros:
Classic pattern that many teams still use with Tableau Server.
Enables SSO without the user explicitly logging into Tableau.
Cons:
Server-to-server trust must be carefully locked down to avoid abuse.
Primarily for Tableau Server (not Tableau Cloud).
Being gradually superseded by Connected Apps + JWT.
If you’re on older versions of Tableau Server, you’ll still see this recommended in some guides.
4. Tableau Connected Apps with Direct Trust (JWT)
What it is:
Tableau Connected Apps let you define an app ID and secret, and establish a trust relationship between your app and Tableau.
Your app generates a signed JWT that Tableau validates when embedding content.
Pros:
Modern, secure pattern with short-lived JWTs.
Great for multi-tenant SaaS or B2B portals.
Strong control over claims (user ID, groups, scopes).
Works across Tableau Cloud and Tableau Server current versions.
Cons:
Requires backend JWT-signing service and key rotation.
Slightly higher engineering overhead than simple SAML or trusted tickets.
If you’re starting a new web app in 2025, this is typically the recommended way to embed Tableau dashboards securely.
5. Connected Apps with OAuth 2.0 Trust and External Authorization Server (EAS)
What it is:
Instead of signing JWTs directly from your app, you register an External Authorization Server (EAS) using OAuth 2.0.
Tableau trusts the EAS to issue tokens, and your app drives SSO via the IdP/EAS.
Pros:
Centralizes authorization logic and token issuance.
Scales well in organizations already running OAuth infrastructure.
Cons:
More moving parts (IdP, EAS, Tableau).
Overkill for smaller teams that just need a simple embed SSO flow.
This is a fit for larger enterprises with complex identity architecture.
How do you choose the right Tableau auth pattern for your use case?
Here’s a practical decision matrix for choosing how to embed Tableau dashboards:
| Scenario | Recommended auth pattern | Why it works well |
|---|---|---|
| Public marketing site | Public/guest embed | Simplicity, no login needed |
| Internal teams on corporate SSO | SAML SSO or Connected Apps | Leverages existing IdP, easy for internal-only |
| Customer portal with many tenants | Connected Apps with JWT | Flexible claims, good for multi-tenant RLS |
| Legacy deployment on Tableau Server | Trusted tickets (short term) | Works with older infra until you upgrade |
| Enterprise with OAuth infra | Connected Apps + OAuth 2.0 trust | Aligns with centralized authorization |
Across the BI market, embedded and composable analytics have become a clear trend: vendors now offer SDKs and APIs specifically targeted at embedding dashboards into products and workflows.
So, if you are starting fresh in 2026, embedding Tableau with Connected Apps + JWT is usually the sweet spot: modern, secure, and well-aligned with where Tableau’s own docs and samples are heading.
What does Tableau embedded analytics really cost in 2026?
This is usually the first question: “If I embed Tableau dashboards into my web app, what will the pricing look like?”
Officially, Tableau follows a per-user licensing model with three main roles: Creator, Explorer, Viewer. Typical headline prices (standard edition, billed annually) remain around:
Creator: ~$75/user/month
Explorer: ~$42/user/month
Viewer: ~$15/user/month
For embedded analytics, the pricing picture usually includes:
Core user licenses
Creators: Power users who design dashboards and data models.
Explorers: Internal analysts or power users who interact and build from published sources.
Viewers: End users, internal or external, who just consume dashboards.
Embedded viewers / embedded analytics SKU
Many analyses of Tableau embedded pricing report embedded viewers around $420 per viewer per year, depending on volume and negotiation.
At scale, embedded deployments can quickly reach high five- or six-figure annual contracts, especially when combined with enterprise add-ons.
Infrastructure or core licensing (Tableau Server)
For on-premise or self-hosted scenarios, core licensing for Tableau Server infrastructure may start around $72k/year plus 20–40% support fees.
Hidden or indirect costs
Engineering effort for embedding, SSO, and token services.
Dev/test environments.
Monitoring, logging, and performance tuning.
An independent breakdown of embedded analytics tools shows Tableau as one of the more enterprise-priced platforms, with strong capabilities but non-trivial total cost of ownership compared to more “embedded-first” tools.
How can mid-sized teams control Tableau embedding costs?
If you’re a mid-sized SaaS or internal product team, you don’t want your “embedded dashboards” project to become a runaway cost center. Here are practical levers you can pull:
Optimize license mix
Keep Creator licenses limited to a small central BI or data team.
Use Explorers for internal analysts who truly need self-service.
Make external customers Viewers or embedded viewers only.
Segment environments smartly
One shared Tableau Cloud site with proper RLS often costs less than a proliferation of sites.
Use row-level security to isolate tenants instead of separate workbooks for each client.
Choose the right auth pattern upfront
Connected Apps + JWT vs. trusted tickets is not just a security decision; it also impacts how easily you can scale across tenants without over-provisioning users.
Limit dashboard complexity
Heavier workbooks → heavier compute, slower dashboards, and pressure for bigger infrastructure.
Use performance best practices (extracts, aggregated data sources, fewer quick filters).
Compare “build vs embed vs hybrid” honestly
In some cases, you might combine Tableau embedded analytics for rich, governed dashboards with custom lightweight charts for simple metrics where per-viewer cost is hard to justify.
If you want a broader view of tooling trade-offs (especially if you’re also evaluating Power BI, Looker, or other low-code tools), you might find our article on low-code AI tools and automation useful:
How do you design a modern Tableau embed architecture for a web app?
Let’s walk through a reference architecture that uses Connected Apps and JWT to embed Tableau dashboards in a modern web app.
Step 1 – Choose Tableau Cloud vs Tableau Server
Tableau Cloud
Managed hosting.
Simplifies infrastructure, great for SaaS and customer-facing apps.
Tableau Server
Self-hosted, more control over data residency and network.
Comes with core infrastructure costs and maintenance overhead.
Many mid-sized companies now lean toward Tableau Cloud plus Connected Apps for embedded use cases.
Step 2 – Model your identity and tenancy
Before you embed a single dashboard, clarify:
Who are your end users? Internal only, customers, or partners?
How are they authenticated today? (Azure AD, Okta, custom auth, etc.)
How do you define a tenant? (Customer account, region, business unit…)
Your JWT claims should typically include:
sub(user ID)emailgroupsor tenant identifiersOptional custom claims for RLS rules
This mapping is key for both security and minimizing license cost.
Step 3 – Configure Tableau Connected Apps
On Tableau Cloud or Server:
Enable Connected Apps for the site.
Create a new connected app (direct trust or OAuth 2.0 trust).
Generate and securely store the client ID and secret (or configure EAS).
Configure allowed domains, scopes, and embedding settings.
You can use Tableau’s official JWT samples (C#, Java, JS, Python) as a starting point for token generation services.
Step 4 – Build a token service in your backend
Create a small backend service (Node.js, Python, .NET, etc.) that:
Receives the authenticated user context from your app.
Validates the user is allowed to access embedded analytics.
Builds a JWT with proper claims (user, groups, etc.).
Signs it with the Connected App’s secret.
Returns the token to your front end.
This service should:
Issue short-lived tokens (e.g., 5–15 minutes).
Log and monitor token issuance.
Support key rotation.
Step 5 – Embed Tableau dashboards using <tableau-viz>
In your React/Next.js front end, you can embed a Tableau dashboard like this (simplified):
The token property in the <tableau-viz> element lets Tableau authenticate the user using the JWT, without the user needing to log in to Tableau separately.
You can then control:
Filters and parameters via the Embedding API
Events (e.g., mark selection, filter changes)
Layout responsiveness and theming to match your web app
Step 6 – Enforce row-level security for embedded Tableau dashboards
Embedding is only half the story; RLS ensures each user sees the right slice of data. Typically, you would:
Create a security table mapping user/tenant groups to allowed keys (e.g.,
CustomerID,Region).Join this table into your data source or apply security filters.
Use JWT claims or Tableau groups to drive which rows each viewer can see.
Because embedded analytics is a major growth area, analysts report that vendors, including Tableau, are investing heavily in these “composable” architectures that make it easier to plug governed analytics into external apps.
How can a Tableau embed starter repo speed this up?
A lot of teams stall because they’re not sure how to connect all the pieces—front end, token service, Tableau configuration, and devops. That’s where an embed starter repo becomes valuable.
A good Tableau embed starter repo should include:
A minimal React or Next.js front end with
<tableau-viz>already wired.A backend token service (e.g., Node/Express or Python/FastAPI) that:
Reads your Connected App secrets from environment variables.
Generates signed JWTs with standard claims.
Provides an authenticated API endpoint for embed tokens.
Example RLS configuration and claim mapping.
Scripts or docs to configure Connected Apps on Tableau Cloud.
How does embedding Tableau compare to building custom analytics?
If you’re in the “build vs embed” decision phase, here’s a quick comparison from a business perspective:
Embed Tableau dashboard (what this article covers):
Pros
Fast time to value and uses your existing Tableau assets.
Strong visual exploration and drill-down.
Mature governance and RLS story.
Backed by a leading enterprise BI vendor in a competitive market.
Cons
Per-user/viewer pricing can be high at scale.
Strongest for dashboard-style analytics, less for pixel-perfect operational reports.
Build custom analytics from scratch:
Pros
Full control over UX and cost model.
Deep integration with your domain logic.
Cons
Longer time to market, more engineering headcount.
You must solve charting, caching, metadata, and governance yourself.
Many mid-sized organizations end up with a hybrid: embed Tableau dashboards for complex analytical workflows and use custom charts or low-code tooling for simple product metrics. To explore automation and AI options that can complement embedded BI, you can read:
When should you call in a Tableau + automation consulting partner?
If you’re dealing with any of these situations, a specialist partner can save you weeks of trial and error:
You need to embed Tableau dashboards into a multi-tenant SaaS app with complex RLS.
You must integrate with existing SSO and OAuth infrastructure (Okta, Azure AD, custom IdPs).
You want to combine Tableau embedded analytics with automation and AI workflows (e.g., sending alerts, triggering emails, or pushing insights to Slack).
You don’t have in-house capacity to build the token service, CI/CD, and monitoring for embedded analytics.
At Lets Viz, we help businesses design and implement end-to-end analytics stacks—from data modeling to Tableau dashboards to embedding, plus automation. If you’re considering an embedded deployment, you might also find these services relevant:
Yes. If you use Connected Apps with JWT or trusted authentication, your users sign into your app, and your backend issues a token or trusted ticket that logs them into Tableau behind the scenes. They never see a separate Tableau login screen
For most mid-sized teams, Tableau Cloud is simpler because infrastructure is managed for you. Tableau Server is a better fit when you have strict data residency, network, or compliance requirements and are ready to manage servers, upgrades, and core licensing costs
You pay for a mix of Creator/Explorer/Viewer licenses, plus any embedded viewer SKUs and possibly core licensing or support if you’re on Tableau Server. Many 2025 breakdowns show embedded viewer pricing in the hundreds of dollars per viewer per year, with total deployments ranging from low five figures to high six figures annually, depending on scale and negotiation
Technically, yes—you can load Tableau dashboards in an iframe. But security depends on how the session is authenticated. Public iframes are fine for non-sensitive data, but for customer or internal analytics you should use SSO, trusted auth, or Connected Apps with JWT so access is tied to your app’s user identity and permissions
Use RLS rules in your Tableau data model, often by joining to a security table or applying user/tenant filters. Then map your app’s user identity to Tableau users or groups via SSO/JWT claims so each viewer only sees their data slice. Connected Apps and JWT claims are particularly well-suited for multi-tenant RLS.
Yes. Many organizations use Tableau for deep analytical dashboards and other tools or custom charts for lightweight or operational metrics. The key is to design a clear “who sees what where” architecture so users aren’t confused and costs stay predictable
Use an embed starter repo that already includes a sample front end with <tableau-viz> and a backend token service wired to Tableau Connected Apps. From there, you just configure your Connected App in Tableau Cloud/Server, set environment variables, and point to your dashboards. This can compress a multi-week proof-of-concept into a few focused development sessions
