We're excited to announce that we'll be partnering with Credly starting October 19th - see what this means and read the announcement blog here!

Alteryx Analytics Hub Knowledge Base

Definitive answers from Alteryx Analytics Hub experts.

Configuring Alteryx Analytics Hub for Azure AD Single Sign-on

MarcW
Alteryx
Alteryx
Created

Starting in version 2021.1, Alteryx Analytics Hub supports single sign-on (SSO) with Azure Active Directory (Azure AD) using SAML 2.0. PingOne and Okta were previously validated with Analytics Hub for SSO beginning with version 2020.2.


Single sign-on is only used for authenticating users in Analytics Hub. Groups and authorization are handled within Analytics Hub. For a user to authenticate with SSO, they must be licensed, be a member of a site, and have successfully logged into Analytics Hub before with either a directory or local user account. SSO can only be used for authentication through a web browser to Analytics Hub. SSO is not available for Alteryx Designer connections to Analytics Hub.
 

Prerequisites

 
  • Alteryx Analytics Hub
    • Version 2021.1+
  • Platform Admin role permissions in Analytics Hub
  • Analytics Hub is configured to use either a CA-signed or self-signed certificate
  • User email address in Analytics Hub matches the user’s Azure AD email
  • Azure Portal with permissions to create and edit enterprise applications within Azure AD
 

Procedure

 

    Analytics Hub SSO Configuration
     

    1. Sign-in to Analytics Hub as a user with the Platform Admin role
    2. Select Settings > Directories > Single Sign-On > Add Single Sign-On
    3. Enter the SSO name (e.g., Azure AD)
        

       

      Azure AD SSO Configuration
       

      1. Sign-in to Azure Portal
      2. Select the Azure Active Directory service
      3. Select Enterprise applications under Manage on the left menu
      4. Select New application
      5. Select Create your own application
      6. Enter “Alteryx Analytics Hub” at the prompt “What’s the name of your app?”
        1. Select Integrate any other application you don’t find in the gallery
        2. Select Create
      7. Select Single sign-on under Manage
        1. Select SAML for the single sign-on method
        2. Select Edit for the Basic SAML Configuration
        3. On the Analytics Hub > New SSO Detail page, use the copy link to copy the Entity ID value “alteryx-analytics-hub”. This exact value must be used, and the value must be unique within Azure applications.
        1. On the Azure Basic SAML Configuration Edit page, paste the Entity ID value into the field Identifier (Entity ID) and select this as the default
        2. On the Analytics Hub > New SSO Detail page, use the copy link to copy the Single Sign-on URL value
          1. On the Azure Basic SAML Configuration Edit page, paste the Single Sign-on URL value into the field Reply URL (Assertion Consumer Service URL)
          2. Select Save
          3. The Basic SAML Configuration will now be updated
          1. Edit the User Attributes & Claims
            1. Add a new claim “email” and set the value to "user.mail" > Save. This is the only required additional claim name. Other additional claims can be deleted.
           
          1. Close the User Attributes & Claims page to see the updated values
          1. Copy the App Federation Metadata URL
          1. Paste the App Federation Metadata URL value to the IDP Metadata URL field on the Analytics Hub SSO setup page
          1. In Azure SSO setup, Select Users and groups under Manage
            1. Select Add user/group
            2. Select None Selected and search for and select the desired users / groups that will access Analytics Hub using Azure AD SSO and select Assign
            3. The list of users and groups is updated
          2. Select Test on the Analytics Hub SSO setup page. The following is displayed:
          1. Select Done
          2. Select Save
          1. The Single Sign-On page is now updated to show the SSO Name, Type, and State


          Test Sign-in to Analytics Hub using Azure AD SSO

           
          1. Access the Analytics Hub login page. Select Sign In with Azure AD.
          1. Once authenticated to Azure AD, the user is presented with the Select a Site page, selects Continue, and is signed-in to the application.


          No ratings