community
cancel
Showing results for 
Search instead for 
Did you mean: 

alteryx server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

Configuring SAML on Active Directory Federation Services ADFS

Atom

Hi all community,

we want to configure SAML authentication on Active Directory Federation Services (ADFS). We succeed on the Alteryx Server Settings configuration about which values add for IDP URL, IDP SSO URL and X509Certificate. Then, as Alteryx is not exporting any metadata file to be imported on the ADFS, we are trying to do this configuration manually on ADFS. We have many doubts mainly on the URLs that we have to use on the different steps. Following you can see some doubts:

1) On Configure URL step: which is the Relying party SAML 2.0 SSO service URL? Based on Okta example could be http://YOURGALLERYNAMEHERE/aas/Saml2/Acs?

2) On Configure Identifiers step: Which should be the Relying party trust identifiers? Perhaps the http://YOURGALLERYNAMEHERE/aas

3) On Endpoints tab: Which should be the SAML Assertion Consumer endpoints and Logout Endpoints?

 

Anybody can help us?

 

Browsing the community, I notice there is two articles about SAML on Okta and Pingone, unfortunately for us, they haven't been enough to understand how to configure the ADFS properly.

 

Thank you so much in advance.

 

 

Moderator
Moderator

Hi @jsoler - we have had customers successfully set up SAML using ADFS. While I don't have exact specifics on what they set for these, we have some recommendations for what should be set on your end:

 

  Assertion Consumer Service: https://host.domain.tld/aas/Saml2/Acs

  Audience URI: https://host.domain.tld/aas/Saml2

 

  Claims Attributes:

 

  Alteryx (Outgoing)     ADFS (LDAP)

  -----------------------------------------------

  email                         mail

  firstName                  givenname

  lastName                  Surname

 

  Hash Algorithm: SHA-2 (SHA 256)

Sophia Fraticelli
Customer Support Engineer