Alteryx server SAML on Azure server

Hello,

I'm currently attempting to enable SAML-authentication for my Alteryx server running on an Azure server. I have managed to enable SSL successfully, but am currently running into problems with configuring SAML in the system settings. I will post a screenshot below that shows the information required by the authentication:

As you know, SAML authentication in Alteryx Server has two possible options for acquiring the metadata required by the IDP. The first one is the metadata URL option and the second one is the X509 certificate and IDP SSO URL.

I have currently been provided with the following information/urls by my company, I will list them below and make my own educated guess to which they correspond in the information required by the SAML configuration in the settings:

1: App EntityID (may correspond to ACS Base URL, I base this on the fact that the default setting is localhost, and the App EntityID is the url to the the gallery from outside)

2: IDP Metadata URL (corresponds to IDP Metadata URL)

3: IDP Logout URL (No corresponding URL in Alteryx server settings

4: IDP Initiated SSO URL (may correspond to IDP SSO URL)

As I have the metadata URL, I believe that I'm supposed to use the the first option of the two that I mentioned earlier. I have tried to use the information that I have been provided with this option, but I can't seem to get the authentication to work.

One very clear problem is that I don't appear to have the IDP URL that is needed by the settings, can anyone help me with this? What I mean is that can anyone help me by explaining what the IDP URL is used for in this case, I have been able to google the uses for the metadata and SSO urls, but can't seem to find out what information this url is supposed to have. Also would it be possible to confirm if my assumptions sound correct with regards to the urls I have been provided and their corresponding counterpart in the settings?

Gallery

Server

Accepted answers

All comments

ianwhite

We have a knowledge article on this. Please review it and if you've already done so, open up a ticket with us via support.alteryx.com

https://community.alteryx.com/t5/Alteryx-Server-Knowledge-Base/Configuring-SAML-2-0-on-Alteryx-Server-for-Azure-AD/ta-p/588828

Esko

Hi ianwhite,

Thanks for the reply! The link was very useful, and I think I should be able to move forward with this. Regarding my problem there is also an another issue I'd like to confirm.

When I try to use the links that I've been provided I get the error: Failed to start authentication service. I googled a bit and came up with several threads on these forums about problems, if the server has been already set up with built-in windows authentication. I'm unsure what to make of the many different posts, but I get the feeling that you'd need to start over with the server or at the very do something about the already set up MongoDB. Link below.

https://community.alteryx.com/t5/Alteryx-Server-Ideas/Allow-changing-of-Gallery-Authentication-without-having-to/idi-p/94838#:~:text=Open%20the%20Alteryx%20Server%20System,you%20would%20like%20to%20use.

Unfortunately, following the instructions in this link did not help me. Can you confirm, if it's necessary to start over with the server if you've already configured it with windows authentication or if there's some straightforward way to change the authentication type? Is this even an issue at this time, like it seems to have been at some point?

Quick Links

This months top contributors

FláviaB 262

JORGE4900 235

caltang 177

DanM 167

IraWatt 157