- Alteryx Server
- Windows Server - Active Directory Users and Computers
There's often a requirement to run workflows as a particular user within gallery. This adds an extra layer of security to resources which only certain domain users have access to ( i.e.network shares and Sql or Oracle databases, etc). Running workflows with specific credentials requires additional permissions on the server for the workflow to complete successfully. If these are not applied, credentials will fail to validate in gallery resulting in the following error:
'Invalid username or password'
Please note: You should first troubleshoot this error using the article How to troubleshoot Invalid username and password to ensure its not related to another issue, i.e an invalid username or password, locked account, etc. For the purposes of this document we assume this issue is related missing permissions on the server and its a business requirement to manage permissions for multiple users. So how can we do this?
You can leverage Active Directory Security Groups to add run as permissions for multiple users. This can be useful when administering multiple users for Alteryx. The following method shows how to create and apply security groups to the alteryx server. Note: This method is not supported by Alteryx and based on previous successful implementations. You may need to consult with your AD or IT Infrastructure team to apply changes.
Creating Security Group
1. Open Active Directory Users and Computers
2. Select the container where you want the Security Group to reside
3. Click Action, New, followed by Group
4. Name the Security Group and write a description stating the purpose of the group (i.e. Administer Alteryx Run as users)
5. In the Groups section, select security then save the changes
Add Alteryx Run as users to the security group
1. Right Click the group and select Properties
2. Select Member, then Add
3. Enter all Alteryx users requiring Run as permissions on the server
4. Click Ok to save the changes.
Finally add the security group to the server (as you would a single user account) as referenced in Run as permissions help document. Please note: the secondary logon service must be running under services.msc.
How workflow credentials work on a private gallery
Set required Run as User Permissions