We're excited to announce that we'll be partnering with Credly starting October 19th - see what this means and read the announcement blog here!

Alteryx Analytics Hub Knowledge Base

Definitive answers from Alteryx Analytics Hub experts.

How to Configure SAML on Alteryx Analytics Hub for Okta

miteshnarottam
Alteryx
Alteryx
Created
How to Configure SAML on Alteryx Analytics Hub for Okta

Alteryx Analytics hub has the option to integrate with most SAML 2.0 IDP providers. The following article provides instructions on how to setup AAH SAML with Okta.

 Prerequisites
  • Alteryx Analytics Hub  
    • Version(s) 2020.2 and above
  • An Okta account with permissions to create a new App
  • AAH Administrators must ensure user accounts are created, properly licensed, and validated to ensure SSO works for the user (see here for instructions on Adding Local Users)
Procedure

Part 1: Adding Alteryx Analytics Hub to Okta

This section deals with configuring Okta for Single Sign-on. Please note: These instructions assume you are using Okta’s classic UI. The developer's console may look different. You can simply switch between the Developer console and Classic UI using the dropdown located at the top of the page. See screenshot below:
  1. In the Classic UI view of Okta, Hover over the Applications tab and click the Applications Option, Then click on Add Application
  1. Click Create New App
  2. Check Web is selected for the Platform and the for the Sign on method SAML2.0Click Create to continue, then Next on the next page
  1. Enter an App Name and Logo (Optional) and click Next. For example Alteryx Analytics Hub
  1. Under SAML settings enter the Single Single-On URL
    • To find your SSO URL and Entity ID, Log into AAH as a Platform Admin
    • Go to Settings>Directories>Single Single-On+Add Single Single-On
    • Under Additional Information, you will find SSO URL and Entity ID
Enter the Audience URI (SP Entity ID). By default this alteryx-analytics-hub
  1. Enter the Attributes Statements Name and Value as follows, then click Next. Note: This must be entered exactly as specified below:
  • Name: email, Value: user.email
  1. Select the option which best describes your involvement with Okta. Either option will work, i.e. I’m an Okta customer adding an Internal app, then click Finish
  2. Assign the application to yourself and all users that require SAML. Under Assignments, click Assign, followed by Assign People. Assign all required users (i.e. Mitesh Narottam), then click Done
  1. Okta is now setup for AAH


Part 2: Configure Alteryx Analytics Hub SSO

Once Okta is configured to receive requests from Hub, Sign into the Hub as a Platform Admin.
Log into AAH and Navigate to go to Settings>Directories>Single Single-On> +Add Single Single-On

Toggle Enable SSO and enter an SSO name (for example, Okta)



At this stage, you have 3 methods to import IDP setting from Okta
  • Import IDP metadata from URL
  • Add IDP endpoint
  • Import IDP metadata from XML file
 
Option 1 – Import IDP metadata from URL
  1. Open the Okta Console and Click on Sign-On for the app created earlier. Click on Identity Provider metadata (shown below) which will open the metadata file on a browser tab
  1. Copy the Metadata URL and paste this under the Identity Provider Details in AAH
  1. Validate the connection by clicking on Test. If the connection is successful you will see a green tick as shown below.
  1. Click on Save to commit the changes to Analytics Hub.

Option 2 – Add IDP Endpoint
  1. Open the Okta Console and Click on Sign-On for the app created earlier. Click on View Setup Instruction.  
  1. Copy and paste the information from Okta into the respective fields in Analytics Hub.
    • Okta: Identity Provider Single Sign_On URL -  AAH: IDP SSO URL
    • Okta: Identity Provider Issuer - AAH: Entity ID
    • Okta: X.509 Certificate – AAH: X.509 Certificate – Note: Please ensure check the certificate does not include any spaces from start to finish. If you're unsure copy and paste into notepad to double-check for spaces (see example below)
  1. Validate the connection by clicking on Test. Click on Save to commit the changes to Analytics Hub

Option 3 – Import IDP metadata from XML file
  1. Open the Okta Console and Click on Sign-On for the app created earlier. Click on Identity Provider metadata (shown below) which will open the metadata file on a browser tab
  1. Right-click on the page, click Save As, and save the file to a suitable location
  1. Open the Analytics Hub and click on browse to select the metadata file to import.
  1. Validate the connection by clicking on Test. Click on Save to commit the changes to Analytics Hub

Common Issues
 

 "SSO Login Failed" on logon page -   If the IDP validation is successful and the hub login page shows this error:

- Check the user already has an account created in the Hub. Ensure the user is licensed and logged in at least once using the initial credentials provided. The Platform admin can check this under the User Management console  (User management console>>Users>Click on the user). 

- Check the IDP Attribute Claim is correct. This should set to Name: email, Value: user.email
- Check the user's email registered in Okta matches the email set in Analytics Hub.


Additional Resources

No ratings