This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
Starting in version 2021.1, Alteryx Analytics Hub supports single sign-on (SSO) with Azure Active Directory (Azure AD) using SAML 2.0. PingOne and Okta were previously validated with Analytics Hub for SSO beginning with version 2020.2.
Single sign-on is only used for authenticating users in Analytics Hub. Groups and authorization are handled within Analytics Hub. For a user to authenticate with SSO, they must be licensed, be a member of a site, and have successfully logged into Analytics Hub before with either a directory or local user account. SSO can only be used for authentication through a web browser to Analytics Hub. SSO is not available for Alteryx Designer connections to Analytics Hub.
Alteryx Analytics Hub
Platform Admin role permissions in Analytics Hub
Analytics Hub is configured to use either a CA-signed or self-signed certificate
User email address in Analytics Hub matches the user’s Azure AD email
Azure Portal with permissions to create and edit enterprise applications within Azure AD
Analytics Hub SSO Configuration
Sign-in to Analytics Hub as a user with the Platform Admin role
Select Settings > Directories > Single Sign-On > Add Single Sign-On
Enter the SSO name (e.g., Azure AD)
Azure AD SSO Configuration
Sign-in to Azure Portal
Select the Azure Active Directory service
Select Enterprise applications under Manage on the left menu
Select New application
Select Create your own application
Enter “Alteryx Analytics Hub” at the prompt “What’s the name of your app?”
Select Integrate any other application you don’t find in the gallery
Select Single sign-on under Manage
Select SAML for the single sign-on method
Select Edit for the Basic SAML Configuration
On the Analytics Hub > New SSO Detail page, use the copy link to copy the Entity ID value “alteryx-analytics-hub”. This exact value must be used, and the value must be unique within Azure applications.
On the Azure Basic SAML Configuration Edit page, paste the Entity ID value into the field Identifier (Entity ID) and select this as the default
On the Analytics Hub > New SSO Detail page, use the copy link to copy the Single Sign-on URL value
On the Azure Basic SAML Configuration Edit page, paste the Single Sign-on URL value into the field Reply URL (Assertion Consumer Service URL)
The Basic SAML Configuration will now be updated
Edit the User Attributes & Claims
Add a new claim “email” and set the value to "user.mail" > Save. This is the only required additional claim name. Other additional claims can be deleted.
Close the User Attributes & Claims page to see the updated values
Copy the App Federation Metadata URL
Paste the App Federation Metadata URL value to the IDP Metadata URL field on the Analytics Hub SSO setup page
In Azure SSO setup, Select Users and groups under Manage
Select Add user/group
Select None Selected and search for and select the desired users / groups that will access Analytics Hub using Azure AD SSO and select Assign
The list of users and groups is updated
Select Test on the Analytics Hub SSO setup page. The following is displayed:
The Single Sign-On page is now updated to show the SSO Name, Type, and State
Test Sign-in to Analytics Hub using Azure AD SSO
Access the Analytics Hub login page. Select Sign In with Azure AD.
Once authenticated to Azure AD, the user is presented with the Select a Site page, selects Continue, and is signed-in to the application.