This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
The simplest form of authentication is manual auth, in which a username and password are supplied.
From within the “People” section, a member of the Administrator group can create a new user account by selecting the orange “+” icon in the bottom right hand corner of the screen:
Alternatively, user can create accounts themselves using the “Sign Up” option from an “Allowed Domain”:
1. Email address is always required when setting up users in any auth mode
2. “Login” should be supplied
3. Administrator may choose to leave password blank, allowing the user to use “Password Lookup”
Note: To specify an “Allowed Domain” for users to “Sign Up” for your Connect instance, please follow the instructions below:
Connect supports the whitelisting of domains from which users can sign up. If a user has an email address with an allowed domain, they can sign up for access. With a new installation, always review these definitions.
1. Use the search bar at top to navigate to the “Allowed Domains” page (Datasources > Categories > Domains > Allowed Domains😞
2. As an Admin, click “Edit” at top right of Allowed Domains:
3. Add your company domain(s)
4. Delete the two default values with the “X” on the far right
5. Click “Save” at top right:
Windows Authentication (AD)
Windows Authentication uses Active Directory credentials from the user.
Turn on Windows auth by checking the “Use Windows Authentication for Single Sign-On” checkbox in the Admin console under “Single Sign-On” (Administration > Connect Configuration > Single Sign-On😞
Manual auth and Windows auth can coexist for the same account
Email address is the key between the two auth types
Users can log out of their Windows auth session and log in with a different manual account
If the Connect Server became unbound to an AD domain, users could still access the site with manual authentication
Windows auth requires browser trust, either with SSL/TLS or by adding the Connect domain to a client browser’s “Trusted sites”
Win auth supports a single AD domain
After turning on this option, access the site with a new browser session to test
For more information on this option please see the help documentation available here.
SAML 2.0 is supported for authentication to Connect. Click + ADD to open the New SAML window in the Admin console under “Single Sign-On” (Administration > Connect Configuration > Single Sign-On😞
Provide a Name, Icon, and Description of the new IDP. Then select the method you want to use to provide Identity provider details. You will likely need to visit the IDP site for the necessary information:
Add IDP endpoint: Enter the SSO URL endpoint and Entity ID, which is a globally unique name for a SAML entity. The ID and endpoint locations do not need to match, but both should contain the needed URL paths and ports to be reached by an external service
Upload IDP metadata: Click Choose File to browse to a local XML file that contains the IDP metadata, then click Open to upload the file
Get IDP metadata from URL: Provide the IDP Metadata URL. Connect can only access publicly-available URLs
In the Active field, click the black icon to enable an IDP for use. Confirm, and a confirmation message appears in the bottom left. The icon changes to a green check mark.
In the Actions field:
Click the pencil icon to edit an existing IDP connection. Click Save to confirm
Click the trash can icon to remove an existing IDP connection. Click Remove to confirm
Use the information provided under Alteryx Connect Details when registering Connect as a service provider with an IDP. For more information on how to register a service provider with an IDP, see the IDP's documentation.
Endpoint URL: The location an IDP points to when making a connection
Entity ID: The unique identifier for Connect as a service provider
Start URL: The URL available when first logging on to your Connect instance
Download Service Provider Metadata: This creates a service provider metadata file that can be used to configure the IDP when configuring SAML single sign-on