Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.
SOLVED

SAML connectifity

Misterhenry
7 - Meteor

Hi,

 

does someone get Alteryx Gallery connected to a custom IDP ? (not the okta or oneping) maybe ADFS or something different.

 

Once i click on login on gallery page, i get redirected to IDP. Entering my email redirects me to Alteryx gallery but there is no mapping from my email to Gallery Admin.

 i used the following URL's:

 

Identifier or URN or EntityID = https://customerURL.company.com/aas/Saml2
Main or Root Application URL = https://customerURL.company.com/gallery
Sign-In EndPoint URL = https://customerURL.company.com/aas/Saml2/Acs

 

Maybe someone has a idea and got this issue already fixed. 

 

Thanks very much

2 REPLIES 2
ChristianR
Alteryx
Alteryx

Hi @Misterhenry

 

From a previous customer using a custom IDP the issue was due to the field mappings being wrong.  It looks like this is likely your case too.  My suggestion will be to revise the field mappings as recommended on point number 6 here:  https://community.alteryx.com/t5/Alteryx-Server-Knowledge-Base/Configuring-SAML-on-Alteryx-Server-fo... also here under (Authentication)  https://help.alteryx.com/server/current/admin/Configuration/SystemSettings/Gallery.htm

 

Map the attributes emailfirstName and lastName to the values user.emailuser.firstName and user.lastName respectively, then click Next on this page and Finish.

 

You should be able to verify the mappings from your aas-log file located by default here:  C:\ProgramData\Alteryx\Logs\aas-log-xxxx.txt

 

The mapping should look like this:  (make sure capitalisation on the N for Name also follows) 

 

 \"email\": \"crincon@alteryx.com\",
    \"firstName\": \"Christian\",
    \"lastName\": \"Rincon\",

Christian Rincon
Manager, Customer Support
Alteryx, Inc.
Misterhenry
7 - Meteor

Hi,

 

yes, it realy important that the claims are named like this:

 \"email\": \"crincon@alteryx.com\",
    \"firstName\": \"Christian\",
    \"lastName\": \"Rincon\",

 

So, our IDP authentication is working now.

 

Thx very much for your help, Christian.