We're excited to announce that we'll be partnering with Credly starting October 19th - see what this means and read the announcement blog here!

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.
SOLVED

Adding new workflow credentials using Azure AD

ConnorClark
5 - Atom

Hi All, 

 

We have a server running on a virtual machine configured using SAML authentication linked to Azure for SSO.

 

When trying to add workflow credentials, the only successful attempt has been using the local log in information for the VM and we cannot get it to recognise user credentials from the Azure active directory.


How can I get the server to validate and utilise credentials from the Azure AD and not on premise users? 

3 REPLIES 3
Loic
Alteryx
Alteryx

We only support the AD that is present where the server is installed. then your local AD needs to trust both ways your AD Azure. It needs to be the same forest.

Outside of Alteryx Server: can you query the Azure AD from where the server is installed? If not you would need help from IT. It might be that you need to move your server installation where it would have access to Azure AD.

ConnorClark
5 - Atom

Thanks for the reply Loic, I have some further information from our IT team.

 

In our scenario the server is not installed in any AD at all:  it is created as a standalone server inside Azure.  The gallery is set up using SAML to Azure AD, but the server itself is not joined to Azure AD and for admin access uses local accounts which we use on RDP to access the server.    

 

In this scenario will we still be able to use AAD credentials within the ‘Run the Worker as a different user’ options within the “Server Config\Worker\Run As” section?

Loic
Alteryx
Alteryx

In your case @ConnorClark it looks to me that you won't be able to choose the AD user for the Run as User as your server doesn't have access to AD directly (but through SSO/SAML which is simply the authentication part). The server needs to have access to AD. Question to ask IT: would I be able to issue a simple AD query to AD from this server (outside of Alteryx products)? If the answer is no then Server won't be able to return the list of AD available users or to authenticate the AD Run as User. To be able to use any AD Users (Run as User or Server AD credentials, you need access to AD directly). IT should have options to make it happen in Azure by changing how the server is configured and placed on the network.