Get Inspire insights from former attendees in our AMA discussion thread on Inspire Buzz. ACEs and other community members are on call all week to answer!
community Alteryx IO Alteryx.com
alteryx Community
Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Connect Knowledge Base

Definitive answers from Connect experts.

Authentication Methods for Connect

MattD
Alteryx Alumni (Retired)
Created

on ‎10-18-2018 02:17 PM - edited on ‎12-03-2020 02:40 PM by

Connect Banner.png

 

There are three authentication options in Alteryx Connect that an Administrator can configure for their environment: Manual auth, Windows AD auth, and SAML auth. Please note that Manual auth is always a fallback option, even if you’re using Windows or SAML, which is a notable departure from Gallery authentication, which does not allow mixed authentication modes.

 

Manual Authentication

 

The simplest form of authentication is manual auth, in which a username and password are supplied.

 

  • From within the “People” section, a member of the Administrator group can create a new user account by selecting the orange “+” icon in the bottom right hand corner of the screen

 

People 1.png

 

People 2.png

 

  • Alternatively, user can create accounts themselves using the “Sign Up” option from an “Allowed Domain”

 

Sign Up.png

 

1. Email address is always required when setting up users in any auth mode

2. “Login” should be supplied

3. Administrator may choose to leave password blank, allowing the user to use “Password Lookup”

 

Note: To specify an “Allowed Domain” for users to “Sign Up” for your Connect instance, please follow the instructions below

 

Connect supports the whitelisting of domains from which users can sign up. If a user has an email address with an allowed domain, they can sign up for access. With a new installation, always review these definitions.

 

1. Use the search bar at top to navigate to the “Allowed Domains” page (Datasources > Categories > Domains > Allowed Domains

 

Domains 1.png

 

2. As an Admin, click “Edit” at top right of Allowed Domains

 

Domains 2.png

 

3.Add your company domain(s)

4. Delete the two default values with the “X” on the far right

5. Click “Save” at top right

 

Domains 3.png

 

Windows Authentication (AD)

 

Windows Authentication uses Active Directory credentials from the user.

 

  • Turn on Windows auth by checking the “Use Windows Authentication for Single Sign-On” checkbox in the Admin console under “Single Sign-On” (Administration > Connect Configuration > Single Sign-On

 

AD 3.png

 

  • Manual auth and Windows auth can coexist for the same account
    1. Email address is the key between the two auth types
    2. Users can log out of their Windows auth session and log in with a different manual account
    3. If the Connect Server became unbound to an AD domain, users could still access the site with manual authentication
  • Windows auth requires browser trust, either with SSL/TLS or by adding the Connect domain to a client browser’s “Trusted sites”
  • Win auth supports a single AD domain
  • After turning on this option, access the site with a new browser session to test

For more information on this option please see the help documentation available here.

 

SAML Authentication

 

SAML 2.0 is supported for authentication to Connect. Click+ ADDto open the New SAML window in the Admin console under “Single Sign-On” (Administration > Connect Configuration > Single Sign-On

 

AD 4.png

 

Provide aName,Icon, andDescriptionof the new IDP. Then select the method you want to use to provideIdentity provider details. You will likely need to visit the IDP site for the necessary information

 

  • Add IDP endpoint: Enter theSSO URL endpointandEntity ID, which is a globally unique name for a SAML entity. The ID and endpoint locations do not need to match, but both should contain the needed URL paths and ports to be reached by an external service
  • Upload IDP metadata: ClickChoose Fileto browse to a local XML file that contains the IDP metadata, then clickOpento upload the file
  • Get IDP metadata from URL: Provide theIDP Metadata URL. Connect can only access publicly-available URLs

 

In theActivefield, click the black icon to enable an IDP for use. Confirm, and a confirmation message appears in the bottom left. The icon changes to a green check mark.

 

In theActionsfield

  • Click the pencil icon to edit an existing IDP connection. ClickSave to confirm
  • Click the trash can icon to remove an existing IDP connection. ClickRemove to confirm

 

Use the information provided underAlteryx Connect Detailswhen registering Connect as a service provider with an IDP. For more information on how to register a service provider with an IDP, see the IDP's documentation.

 

  • Endpoint URL: The location an IDP points to when making a connection
  • Entity ID: The unique identifier for Connect as a service provider
  • Start URL: The URLavailable when first logging on to your Connect instance
  • Download Service Provider Metadata: This creates a service provider metadata file that can be used to configure the IDP when configuring SAML single sign-on