ALTERYX INSPIRE | Join us this May for for a multi-day virtual analytics + data science experience like no other! Register Now
Alteryx Server Knowledge Base
Definitive answers from Server experts.Configuring SAML 2.0 on Alteryx Server for Azure AD
Starting in 2018.2, Alteryx Server supports a majority of identity provider (IdP) connections that adhere to the SAML 2.0 Standard and allows for single sign on to the Alteryx Gallery. This article covers the configuration and setup for both Azure AD and Alteryx Server.
2. Select the application that will be used for the SAML configuration and then click on Single Sign-On. This will bring up the configuration page for the SAML information. The fields that are required are below:
Required Claim
Additional claims - email
SAML Signing Certificate
Set up Alteryx Gallery (Application Name)
1. In the server settings you will need to make sure SSL is enabled under Gallery > General. You will need to have a certificate installed on the server, more information can be found here .
2. Next, Select SAML Authentication > IDP Metadata URL > and enter the three URLs.
ACS Base URL = This field will auto-populate and will be configured with HTTPS. This is the Gallery URL with "/aas" at the end
IDP URL = This is the Azure AD Identifier URL from the Azure SSO page
IDP Metadata URL = This is the App Federation Metadata URL from the Azure SSO Page
3. Finally, once these are all entered you can hit "Verify IDP" to test the connection. There is also a way to test the connection from the Azure portal as well. Then select Next through the rest of the server settings to save the configuration. Once everything is saved, navigate to the Gallery and hit Log In where you will be prompted with a Microsoft Azure sign in page.
Prerequisites
- Alteryx Server
- Version 2018.2 and Above
- Alteryx Server Access with permissions to configure Alteryx Server Settings
- SSL Enabled for HTTPS
- Azure Portal
- Access (Typically and Admin) to create and edit enterprise applications within Azure Active Directory
Procedure - Part 1 - Azure Configuration
2. Select the application that will be used for the SAML configuration and then click on Single Sign-On. This will bring up the configuration page for the SAML information. The fields that are required are below:
Basic SAML Configuration
Identifier (Entity ID) = https://YOUR_GALLERY_URL.com/aas/Saml2
Reply URL (Assertion Consumer Service URL) = https://YOUR_GALLERY_URL.com/aas/Saml2/Acs
Reply URL (Assertion Consumer Service URL) = https://YOUR_GALLERY_URL.com/aas/Saml2/Acs
**Note** These fields will not accept a HTTP URL
User Attributes %26 Claims
User Attributes %26 Claims
Required claim
Unique User Identifier(Name ID) = set to Email Address and Source Attribute set to user.userprincipalname
Additional claims
firstName = user.givenname
lastName = user.surname
email = user.userprincipalname
**Note** Remove the Namespaces for all Addtional Claims only and make sure firstName and lastName are in camel case.
Required Claim
Additional claims - email
SAML Signing Certificate
App Federation Metadata URL = You will need this URL for the Alteryx Server Settings.
**Note** This is where you can manually download the x.509 certificate
Set up Alteryx Gallery (Application Name)
Azure AD Identifier = You will need this URL for the Alteryx Server Settings
Part 2 - Alteryx Server Settings
1. In the server settings you will need to make sure SSL is enabled under Gallery > General. You will need to have a certificate installed on the server, more information can be found here .
2. Next, Select SAML Authentication > IDP Metadata URL > and enter the three URLs.
ACS Base URL = This field will auto-populate and will be configured with HTTPS. This is the Gallery URL with "/aas" at the end
IDP URL = This is the Azure AD Identifier URL from the Azure SSO page
IDP Metadata URL = This is the App Federation Metadata URL from the Azure SSO Page
3. Finally, once these are all entered you can hit "Verify IDP" to test the connection. There is also a way to test the connection from the Azure portal as well. Then select Next through the rest of the server settings to save the configuration. Once everything is saved, navigate to the Gallery and hit Log In where you will be prompted with a Microsoft Azure sign in page.
