Hi all community,
we want to configure SAML authentication on Active Directory Federation Services (ADFS). We succeeded with the Alteryx Server Settings configuration regarding which values to add for IDP URL, IDP SSO URL and X509Certificate. Then, as Alteryx does not export any metadata file to be imported into ADFS, we are trying to do this configuration manually on ADFS. We have many doubts, mainly about the URLs that we have to use in the different steps. Below are some of them:
1) On the Configure URL step: which is the Relying party SAML 2.0 SSO service URL? Based on the Okta example, could it be http://YOURGALLERYNAMEHERE/aas/Saml2/Acs?
2) On the Configure Identifiers step: which should be the Relying party trust identifiers? Perhaps http://YOURGALLERYNAMEHERE/aas?
3) On Endpoints tab: Which should be the SAML Assertion Consumer endpoints and Logout Endpoints?
Can anybody help us?
Browsing the community, I noticed there are two articles about SAML on Okta and PingOne; unfortunately for us, they haven't been enough to understand how to configure ADFS properly.
Thank you so much in advance.
Hi @jsoler - we have had customers successfully set up SAML using ADFS. While I don't have exact specifics on what they set for these, we have some recommendations for what should be set on your end:
Assertion Consumer Service: https://host.domain.tld/aas/Saml2/Acs
Audience URI: https://host.domain.tld/aas/Saml2
Claims Attributes:
Alteryx (Outgoing)    ADFS (LDAP)
-----------------------------------------------
email                 mail
firstName             givenname
lastName              Surname
Hash Algorithm: SHA-2 (SHA 256)
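
The values recommended in the reply above, expressed as an AD FS PowerShell relying party trust. This is an added example, not part of the original thread and not Alteryx's own procedure. The trust name, the HTTP-POST binding and the windowsaccountname lookup claim are assumptions, and `host.domain.tld` is the reply's placeholder host name:

```powershell
# Added example (not from the thread). Run in an elevated session on the
# primary AD FS server. Replace the placeholder host with your Gallery host.
$galleryHost = 'host.domain.tld'            # placeholder used in the reply
$trustName   = 'Alteryx Gallery'            # hypothetical display name
$acsUrl      = "https://$galleryHost/aas/Saml2/Acs"   # Assertion Consumer Service
$audienceUri = "https://$galleryHost/aas/Saml2"       # Audience URI / trust identifier

# Assertions are POSTed to the ACS URL through the browser, so refuse plain http.
if (([uri]$acsUrl).Scheme -ne 'https') {
    throw "ACS URL must use https: $acsUrl"
}

# SAML Assertion Consumer endpoint (POST binding is an assumption).
$acs = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri $acsUrl -Index 0 -IsDefault $true

# Claim rule for the attribute table in the reply. In the rule language the
# LDAP attributes are written mail, givenName and sn ("Surname" in the AD FS UI).
$rules = @'
@RuleName = "LDAP attributes to Alteryx claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("email", "firstName", "lastName"),
          query = ";mail,givenName,sn;{0}", param = c.Value);
'@

# Create the trust with SHA-256 as the signature hash algorithm.
# No access control policy or authorization rules are set here; assign the
# one your organisation requires before users sign in.
Add-AdfsRelyingPartyTrust -Name $trustName `
    -Identifier $audienceUri `
    -SamlEndpoint $acs `
    -SignatureAlgorithm 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' `
    -IssuanceTransformRules $rules

# Read the trust back and confirm identifier, algorithm and ACS location.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, SignatureAlgorithm,
        @{ n = 'Acs'; e = { $_.SamlEndpoints.Location } }
```

The final `Get-AdfsRelyingPartyTrust` output should show the https Audience URI as the identifier and the rsa-sha256 algorithm; a mismatch between the identifier and the audience the service provider expects is a common cause of rejected assertions.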