Showing results for 
Search instead for 
Did you mean: 

alteryx server Knowledge Base

Definitive answers from Server experts.

Configuring SAML on Alteryx Server for Okta

Sr. Data Science Content Engineer
Sr. Data Science Content Engineer
Created on

SAML (Security Assertion Markup Language) is a standardized way for exchanging authentication and authorization credentials between different parties. The most common use for SAML is in web browser single sign ons. Starting in 2018.2, Alteryx Server supports SAML. So far, SAML in Alteryx Server has been specifically validated on two providers; Ping One and Okta. In this article, we will review how to configure SAML on your Alteryx Server for Okta.


Part 1: Add Alteryx to Okta


This entire process starts with the configuration on the Single Sign-On Provider’s side. This is a step-by-step outline of how to add Alteryx as an application in Okta.


Note: These instructions are for the Classic UI. The Developer's Console will look different. You can toggle views in the top left corner of the Admin view.


1. In the Admin view in Okta, navigate to Applications, and click on the Add Application button.



2. Select Create a New App.




3. Select SAML 2.0 as the Sign on method.




4. Enter an App Name and Logo (Optional) and click next.



 5. In the Configure SAML Screen, enter the Single Sign-on as URL as: your base Gallery URL with /aas/Saml2/Acs appended to the end. (e.g., or if SSL is enabled).


     Enter the Audience URI (SP Entity ID) as:  your base Gallery URL /aas/Saml2 (e.g., and scroll down.




6. Map the attributes email, firstName and lastName to the values, user.firstName and user.lastName respectively, then click Next on this page and Finish on the next page.




7. Assign the App to yourself and any other necessary users. This option is user Assignments in the App view.





Part 2: Configure the Alteryx System Settings


Once Alteryx has been added to Okta, you can configure SAML in the Alteryx Server’s System Settings.


1. In Alteryx System Settings, click next until you navigate to Gallery > Authentication, and select SAML authentication as your Authentication Type. The ACS Base URL field should auto-populate with your Gallery's URL (note that if you have SSL enabled it should be reflected in the Gallery's address as https instead of http)




2. In Select an option for obtaining metadata required by the IDP, select either IDP Metadata URL or x509 certificate and IDP SSO URL. Either option will work for Okta, so we suggest using the IDP Metadata URL option, because it simplifies set up. If you are interested in the X509 certificate and IDP SSO URL set up, please see the PingOne article


For the  IDP Metadata URL:


1. In Okta, click the Identity Provider Metadata link, which is located just below the View Setup Instructions Option in the Application Page > Sign On > Settings.




2.  This link will take you to an XML file that contains the SAML metadata. Copy the URL that is populated in the browser tab after clicking on this link.




3.  Paste the copied URL link into the IDP Metadata URL field in Alteryx System Settings.




4. View the Okta Setup Instructions in the App View under Sign On > View Setup Instructions, and copy the Identity Provider Issuer URL, and paste this into the IDP URL field in the Alteryx System Settings.









5. Click on the button to Verify IDP!


    You may see a pop-up warning about running scripts from the pop-up window. This is a know issue, and you should be able to get around it by clicking yes – you may have to repeat this a few times.


6. An Okta login screen should appear. Provide your Okta Credentials, and select Sign In.




7. If your Verification is successful, you will see a message pop up in the bottom right side of the System Settings Screen. Note: The first user successfully signed in to the IDP via verification becomes the default Gallery administrator (curator).




Now you can complete the Alteryx Systems Settings configuration by clicking Next through the remaining configuration options, and then Finish.


When you navigate to your Gallery, and click Sign In, you should now be signed in with your Okta Credentials. Hooray!




I follow the article but am getting stuck at the following screen. If i click on the 'Alteryx Authentication Service' it goes to a webpage not found screen. 

If i get out of it it sets the 'Default Gallery Administrator' to undefined ( which is greyed out) and does not let me proceed to next screen.


Also SAML doesnt work if i enable SSL


okta alteryx saml error.jpg

Sr. Data Science Content Engineer
Sr. Data Science Content Engineer

Hi @ashkhan,


We have tested enabling SSL with SAML authentication (Specifically with Okta), and have found that it works without issue in our test environment, so long as SSL and SAML are both configured correctly. It is important that the URL you use in your browser to access your Gallery matches what you are using to configure SAML, otherwise the authentication will fail. This may be something worth checking. If you continue to have trouble with configuring SAML, please reach out to us at, and we would be happy to review your current settings and configuration with you.



Thank you!




Thanks for the prompt response Sydney. 


We did validate that the settings were entered correctly - (we did try with incorrect settings and noticed a different error)

I also assume that the settings are correct since it tries to get to the auth page which just appears blank. 


i have sent an email to support for further investigation. 


We had issues using the IDP Metadata URL option, so went ahead with the X509 Certificate. A quick note on how to enter the certificate in the box is to eliminate the header (-----BEGIN CERTIFICATE-----) and footer (-----END CERTIFICATE-----) and remove the new lines (LF, CRLF codes), so all the characters are in one line.


Thanks Dan/Michael from support for the tip on this.


Also, backup the MongoDB before switching to SAML Authentication as there is no way back to Integrated Authentication from what I am told.

We have configured SAML using ADFS for our Gallery and now the "permissions" tab in the Admin gallery is missing, leaving us with no option to add AD Groups to configure access to the Gallery.


I was wondering if anyone of you has noticed that limitation and what have you done to circumvent that issue. It appears that is only a feature when using AD authentication.


Thank you,