This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
We have a server running on a virtual machine configured using SAML authentication linked to Azure for SSO.
When trying to add workflow credentials, the only successful attempt has been using the local log in information for the VM and we cannot get it to recognise user credentials from the Azure active directory.
How can I get the server to validate and utilise credentials from the Azure AD and not on premise users?
We only support the AD that is present where the server is installed. then your local AD needs to trust both ways your AD Azure. It needs to be the same forest.
Outside of Alteryx Server: can you query the Azure AD from where the server is installed? If not you would need help from IT. It might be that you need to move your server installation where it would have access to Azure AD.
Thanks for the reply Loic, I have some further information from our IT team.
In our scenario the server is not installed in any AD at all: it is created as a standalone server inside Azure. The gallery is set up using SAML to Azure AD, but the server itself is not joined to Azure AD and for admin access uses local accounts which we use on RDP to access the server.
In this scenario will we still be able to use AAD credentials within the ‘Run the Worker as a different user’ options within the “Server Config\Worker\Run As” section?
In your case @ConnorClark it looks to me that you won't be able to choose the AD user for the Run as User as your server doesn't have access to AD directly (but through SSO/SAML which is simply the authentication part). The server needs to have access to AD. Question to ask IT: would I be able to issue a simple AD query to AD from this server (outside of Alteryx products)? If the answer is no then Server won't be able to return the list of AD available users or to authenticate the AD Run as User. To be able to use any AD Users (Run as User or Server AD credentials, you need access to AD directly). IT should have options to make it happen in Azure by changing how the server is configured and placed on the network.