community
cancel
Showing results for 
Search instead for 
Did you mean: 

alteryx connect Knowledge Base

Definitive answers from Connect experts.

Authentication Methods for Connect

Community Data Engineer
Community Data Engineer
Created on

 Connect Banner.png

 

There are three authentication options in Alteryx Connect that an Administrator can configure for their environment: Manual auth, Windows AD auth, and SAML auth. Please note that Manual auth is always a fallback option, even if you’re using Windows or SAML, which is a notable departure from Gallery authentication, which does not allow mixed authentication modes.

 

Manual Authentication

 

The simplest form of authentication is manual auth, in which a username and password are supplied.

 

  • From within the “People” section, a member of the Administrator group can create a new user account by selecting the orange “+” icon in the bottom right hand corner of the screen:

 

People 1.png

 

People 2.png

 

  • Alternatively, user can create accounts themselves using the “Sign Up” option from an “Allowed Domain”:

 

Sign Up.png

 

1. Email address is always required when setting up users in any auth mode

2. “Login” should be supplied

3. Administrator may choose to leave password blank, allowing the user to use “Password Lookup”

 

Note: To specify an “Allowed Domain” for users to “Sign Up” for your Connect instance, please follow the instructions below:

 

Connect supports the whitelisting of domains from which users can sign up. If a user has an email address with an allowed domain, they can sign up for access. With a new installation, always review these definitions.

 

1. Use the search bar at top to navigate to the “Allowed Domains” page (Datasources > Categories > Domains > Allowed Domains😞

 

Domains 1.png

 

2. As an Admin, click “Edit” at top right of Allowed Domains:

 

Domains 2.png

 

3. Add your company domain(s)

4. Delete the two default values with the “X” on the far right

5. Click “Save” at top right:

 

Domains 3.png

 

Windows Authentication (AD)

 

Windows Authentication uses Active Directory credentials from the user.

 

  • Turn on Windows auth by checking the “Use Windows Authentication for Single Sign-On” checkbox in the Admin console under “Single Sign-On” (Administration > Connect Configuration > Single Sign-On😞

 

AD 3.png

 

  • Manual auth and Windows auth can coexist for the same account
    1. Email address is the key between the two auth types
    2. Users can log out of their Windows auth session and log in with a different manual account
    3. If the Connect Server became unbound to an AD domain, users could still access the site with manual authentication
  • Windows auth requires browser trust, either with SSL/TLS or by adding the Connect domain to a client browser’s “Trusted sites”
  • Win auth supports a single AD domain
  • After turning on this option, access the site with a new browser session to test 

For more information on this option please see the help documentation available here.

 

SAML Authentication

 

SAML 2.0 is supported for authentication to Connect. Click + ADD to open the New SAML window in the Admin console under “Single Sign-On” (Administration > Connect Configuration > Single Sign-On😞

 

AD 4.png

 

Provide a NameIcon, and Description of the new IDP. Then select the method you want to use to provide Identity provider details. You will likely need to visit the IDP site for the necessary information:

 

  • Add IDP endpoint: Enter the SSO URL endpoint and Entity ID, which is a globally unique name for a SAML entity. The ID and endpoint locations do not need to match, but both should contain the needed URL paths and ports to be reached by an external service
  • Upload IDP metadata: Click Choose File to browse to a local XML file that contains the IDP metadata, then click Open to upload the file
  • Get IDP metadata from URL: Provide the IDP Metadata URL. Connect can only access publicly-available URLs

 

In the Active field, click the black icon to enable an IDP for use. Confirm, and a confirmation message appears in the bottom left. The icon changes to a green check mark.

 

In the Actions field:

  • Click the pencil icon to edit an existing IDP connection. Click Save to confirm
  • Click the trash can icon to remove an existing IDP connection. Click Remove to confirm

 

Use the information provided under Alteryx Connect Details when registering Connect as a service provider with an IDP. For more information on how to register a service provider with an IDP, see the IDP's documentation.

 

  • Endpoint URL: The location an IDP points to when making a connection
  • Entity ID: The unique identifier for Connect as a service provider
  • Start URL: The URL available when first logging on to your Connect instance
  • Download Service Provider Metadata: This creates a service provider metadata file that can be used to configure the IDP when configuring SAML single sign-on