Assistance Required for SAML 2.0 Configuration on Alteryx Server

Question

Hi Support,

I hope this message finds you well. My name is Ann Alegria from Accenture, and I am currently working on configuring SAML 2.0 on the Alteryx Server for Microsoft Entra ID.

We have followed the steps provided in the documentation, but we encountered an issue during testing:

“AADSTS700016: Application with identifier 'http://10.89.133.11/webapi/Saml2' was not found in the directory 'Accenture'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.”

Below are the IDP details onboarded in Azure:

* Entity ID: https://alteryxsp.accenture.com/webapi/Saml2
* Reply URL: https://alteryxsp.accenture.com/webapi/Saml2/acs

Reference: Configure SAML 2.0 on Alteryx Server for Microsoft Entra ID

Could you please assist us in resolving this issue?

Thank you for your support.

Best regards,
Ann Alegria

Yoshiro_Fujimori · Answer

"AADSTS700016" is issued by AAD, not by Alteryx. So you should primarily consult with your Azure team. According to Microsot doument https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes, AADSTS700016 UnauthorizedClient_DoesNotMatchRequest - The application wasn't found in the directory/tenant. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have misconfigured the identifier value for the application or sent your authentication request to the wrong tenant. From above description, I suppose the error is caused because Alteryx sends SAML request with Issuer as 'http://10.89.133.11/webapi/Saml2' while your AAD setting expects 'https://alteryxsp.accenture.com/webapi/Saml2'. So the mismatch caused the error. To confirm if this is the case, you may want to check the Issuer element in your SAML request as a first step. [YOUR URL] Your AAD setting should have the above [YOUR URL] in the list of Entity ID. If the mismatch does exist, you may try to solve the mismatch, though I do not know which URL is the correct one I hope this helps.

Gawa · Answer

To enable SAML config with Azure(Entra ID), you need to create Enterprise Application in Azure portal first. Necessary settings are described in the manual you shared.

If you already configured Enterprise Application but face an issue "AADSTS700016...", investigate IP address "10.89.133.11" is surely reachable from IDP.

Setting up SAML config of Alteryx Server must involve IT engineer, especially network engineer to properly set DNS, firewall, so on.