community
cancel
Showing results for 
Search instead for 
Did you mean: 

alteryx server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.
SOLVED

Best Practices for Workflow Credentials

Alteryx Certified Partner

So I'm setting up the workflow credentials for a new team and assigning the workflow credentials for that team.  The issue I'm having is when I try to create new workflow credentials for use (see image), active directory is not finding the user and getting a username/password error.  The username and password are correct (checked by logging into Alteryx with those credentials without issue) and when checking the event viewer logs, I find a number of "The user has not been granted the requested logon type at this machine" error for the attempted login. When I add the user to the local admin group, then the credentials save fine.

 

My problem is this isn't a scalable solution and seems like it is poor practice, especially as additional environments start getting used (dev/prod).

 

Is there a reason the user must be added to the local admin to save the credentials or is there an error in the configuration?

 

credentials.png

Alteryx Certified Partner

calling the pros @KevinP  @SteveA @PaulN if you guys know (or can call the right person) That would be fantastic.

Alteryx
Alteryx

@paul_houghton This error with the workflow credentials is usually caused by one of two scenarios. Either the credentials are incorrect (changed password, account locked, etc...), or the service isn't able to log onto the server with those credentials for impersonation purposes. In your case this second scenario is very likely causing your issue. Your scenario is commonly caused by group policy settings on the server that deny that user account from logging in either locally or as a batch job. To correct this issue you will need to ensure any accounts used for workflow credentials have the appropriate access to the server. These accounts should be treated the same as the Run As user and should have the same permissions including server logon. Please note that the needed logon permissions do not allow for logon via remote desktop. This permission is handled separately, and isn't required for the Run As user or workflows credentials. For details of the required permissions please reference the follow section of the online server help documentation.

 

https://help.alteryx.com/server/11.8/admin/index.htm#Configuration/RunasPermissions.htm

Alteryx Certified Partner

Hi @KevinP, thanks for getting back to me. Those two issues are something that I had seen being problematic previously. The user was allowed access to logon as batch, and we did confirm the password for that user account.

The second comment you point out regarding the run as permissions was the found to be the issue. Once we gave the user access to the Alteryx folders, the workflow was able to run correctly.

Alteryx Certified Partner

Just thought I would close the loop on this topic and share that the tips from @KevinP was the solution I needed (so the accepted is still right) but I also needed to add any of the Workflow credentials people that get added to the permissions for the run as user. That means any run as user credentials need access to the folders mentioned in the Run As User Permissions link shared earlier.

 

Thanks for the help