community Alteryx IO MyAlteryx
alteryx Community
Search
This Board
  • Global Community
  • This Category
  • This Board
  • Knowledge
  • Users
 cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

Assistance Required for SAML 2.0 Configuration on Alteryx Server

ann_alegria
5 - Atom
‎01-26-2025 04:24 PM

Hi Support,

 

I hope this message finds you well. My name is Ann Alegria from Accenture, and I am currently working on configuring SAML 2.0 on the Alteryx Server for Microsoft Entra ID.

 

We have followed the steps provided in the documentation, but we encountered an issue during testing:

“AADSTS700016: Application with identifier 'http://10.89.133.11/webapi/Saml2' was not found in the directory 'Accenture'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.”

 

Below are the IDP details onboarded in Azure:

Reference: Configure SAML 2.0 on Alteryx Server for Microsoft Entra ID

 

Could you please assist us in resolving this issue?

Thank you for your support.

 

Best regards,
Ann Alegria

Labels:
Reply
0 Likes
2 REPLIES 2
gawa
16 - Nebula
16 - Nebula
‎01-26-2025 11:12 PM

To enable SAML config with Azure(Entra ID), you need to create Enterprise Application in Azure portal first. Necessary settings are described in the manual you shared.

If you already configured Enterprise Application but face an issue "AADSTS700016...", investigate IP address "10.89.133.11" is surely reachable from IDP. 

 

Setting up SAML config of Alteryx Server must involve IT engineer, especially network engineer to properly set DNS, firewall, so on.

 

Reply
0 Likes
Yoshiro_Fujimori
15 - Aurora
15 - Aurora
‎01-26-2025 11:42 PM

"AADSTS700016" is issued by AAD, not by Alteryx.

So you should primarily consult with your Azure team.

 

According to Microsot doument https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes,

AADSTS700016

UnauthorizedClient_DoesNotMatchRequest - The application wasn't found in the directory/tenant.

This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.

You might have misconfigured the identifier value for the application or sent your authentication request to the wrong tenant.

 

From above description, I suppose the error is caused because

Alteryx sends SAML request with Issuer as 'http://10.89.133.11/webapi/Saml2

while your AAD setting expects 'https://alteryxsp.accenture.com/webapi/Saml2'.

So the mismatch caused the error.

 

To confirm if this is the case, you may want to check the Issuer element in your SAML request as a first step.

<saml:Issuer xmlns:saml="...">[YOUR URL]</saml:Issuer>

Your AAD setting should have the above [YOUR URL] in the list of Entity ID.

 

If the mismatch does exist, you may try to solve the mismatch, though I do not know which URL is the correct one

I hope this helps.

Reply
0 Likes
server new user guide
Labels
Top Solution Authors
View All