This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
This article includes details on using OpenSSL to create a Certificate Signing Request (CSR) to send to a Certificate Authority (CA), generating a self-signed certificate, installing the certificate, and configuring Alteryx Server to use the certificate.
One of the three database options when setting up the Alteryx Server is to connect into a User-Managed MongoDB instance. Why would you want to set up your own implementation of MongoDB? The main benefits are to take advantage of the features of MongoDB that are not included with our embedded instance.
If a Server is freezing with jobs stuck in an initializing state, there may be resource contention occurring due to the configuration of System Settings. This article provides best practice formulas to ensure the optimal settings for resource utilization.
How To : Safely change the Global Workspace of an Alteryx Server
The Global Workspace is a path used as the base for configuration options that determine where temporary files, log files, and database files are stored.
Sub-folders for the specific items can be created to use the global workspace or can be customized later to write to a different location. This path should point to a location that is safe to store large amounts of files.
Server admins wanting to change it to to a different location can use this resource to safely perform this change.
Product - Alteryx Server
All permissions on the future Global Workspace
Backup your Alteryx Server (procedure outlined here)
Alongside the backup of done in the previous step, keep a copy of the below elements:
RuntimeSettings.xml (this file can be found in %ProgramData%/Alteryx/)
Controller Token (can be copied into a text file from the Alteryx System Settings > General)
Stop the Alteryx Service
Open the Alteryx System Settings ans navigate to Environment > Workspace
Change the Global Workspace to the desired directory :
Navigate through each screen of the Alteryx System Settings to confirm that:
The paths of the sub-directories include the new Global Workspace's root path
The other settings remain unchanged
Do not hit hit "Finish" on the last screen of the Alteryx System Settings:
But instead copy the below folders from the previous Global Workspace to the new Global workspace:
After the copy, you can hit "Finish" to apply the changes and start the Alteryx Service
Log into the Gallery Admin and validate that every elements are available (users, workflows, schedules...)
If the validation is confirmed, remove the below folders from the previous Global Workspace:
Help Pages - Configure Server
Help Pages - Environment
As always, don't hesitate to contact us over at Customer Support if you run into any trouble.
The Visualytics Insight tool was first introduced with Alteryx 2018.3. Insights allow users to create visual, interactive dashboards to gain deeper insights into your data and can be shared through an Alteryx Private Gallery. In order to have Insights load successfully on your Gallery, there are a few changes you need to make to your Server System Settings.
Configuring SAML on Alteryx Server for Active Directory Federation Services (ADFS)
Alteryx Server has the ability to use most identity providers that support the SAML 2.0 standard, and from my testing, ADFS is no exception! The following information will assist with configuring Alteryx Server to be functional with ADFS.
Please note the following information is based on third-party software and processes may be slightly different on older or newer versions of the software. The following was created against ADFS v4.0 running on Windows Server 2016 and Alteryx Server 2019.2.
AD FS Server
Account with access to perform administration tasks
All users that will login must have an email address attribute
Alteryx Server >= 2018.2
Account with access to perform administration tasks
SSL/TLS Certificate Installed on Alteryx Server (Self-Signed certificate is not recommended)
Verify that your Alteryx Server's Gallery function has been configured with SSL/TLS enabled on each Gallery node in the environment and that a proper SSL certificate is installed. Instructions are provided in the link above.
This and following steps will require an ADFS administrator. Open the AD FD Management utility (Start > Windows Administrative Tools > AD FS Management)
Click Relying Party Trusts from the console, then click Add Relying Party Trust...
Click Enter data about the relying party manually and click Next.
Type a Display name for the trust. I placed "Alteryx Server" here, but you can use a name that best identifies the connection for you, such as a server name or other easily identifiable name. Then click Next.
Click Next on the Configure Certificate page.
Check the box for Enable support for the SAML 2.0 WebSSO protocol. Type the URL of the Alteryx Server's SAML endpoint in the Relying party SAML 2.0 SSO service URL box, which typically will be the base URL of Alteryx Gallery with the addition of "/aas/Saml2". Once you have added the proper URL, click Next. Note: this endpoint may be case sensitive depending on settings in your environment. I would recommend entering it with the capitalization as shown in the screenshot and example below. Example: Gallery URL: https://trn-srv-07.cs.alteryx.com/gallery SAML Endpoint: https://trn-srv-07.cs.alteryx.com/aas/Saml2
In the Relying party trust identifier, type the same SAML endpoint as the previous step and click Add to add the URL to the list below. Click Next.
Select Permit everyone from the Access Control Policy and click Next. Note: You may wish to configure this option differently depending on the environment and whom you wish to be able to authenticate with Alteryx Gallery, or you may wish to setup Multi-Factor Authentication (MFA). Specific access permissions and these types of setup are outside the scope of this article.
Click Next on the Ready to Add Trust page.
Check the box next to Configure claims issuance policy for this application and click Close.
Within the new Claim Issuance Policy window, click Add Rule...
Verify the Claim rule template is set to Send LDAP Attributes as Claims and click Next.
Type a desired name for the rule within the Claim rule name box. From the Attribute store drop-down, choose Active Directory.
Using the following table, set the appropriate options within the Mapping of LDAP attributes to outgoing claim types box. Click Finish. Note: The following outgoing values are case sensitive and will need to be typed except for "SAM-Account-Name".
Outgoing Claim Type
On the Claim Issuance Policy window, click Apply to apply the settings, then click OK.
You will now need an administrator with access to the Alteryx Server machine(s) running the Gallery for your environment. Connect to the machine remotely via Remote Desktop.
Open the Alteryx System Settings application, then click Next until you are at the Gallery > Authentication page.
From the Authentication Type box, click the radio button next to SAML authentication. In the Select an option for obtaining metadata required by the IDP, click the radio button next to IDP Metadata URL. !Warning!: It is not recommended to change the authentication type once you have established the persistence layer (e.g. MongoDB) and started using a particular authentication method in your environment. Differences in user account structure will be likely to result in errors in the Gallery if the authentication method is changed in an established environment. If you are changing authentication methods, it is recommended to create a new persistence database!
From the SAML IDP Configuration box, set the ACS Base URL to the root of the Gallery URL plus "/aas". Example: Gallery URL: https://trn-srv-07.cs.alteryx.com/gallery ACS Base URL: https://trn-srv-07.cs.alteryx.com/aas
Set the IDP URL (also known as Entity ID) to the Federation Service identifier value from ADFS. Example: https://sts1.cs.alteryx.com/adfs/services/trust Note: If you are not positive on the value for this, ask your ADFS administrator or download the metadata XML with the link you are using in the next step and look for the "entityID".
Set the IDP Metadata URL to the location of the Federation Metadata xml file provided by the ADFS server. Example: https://sts1.cs.alteryx.com/FederationMetadata/2007-06/FederationMetadata.xml Note: If you are not positive on the value for this, ask your ADFS administrator.
Click Verify IDP. If all goes well, you should receive a message similar to the following: Note: See the Common Issues section below for tips on troubleshooting!
Click Next through the remainder of the System Settings dialogs, then click Finish.
(Optional) Return to Step 17 if you have additional Gallery node(s) to configure.
Once all Gallery node(s) are configured, attempt to access your private Alteryx Gallery and log in with your fresh new SAML configuration!
AlteryxAuthorizationService.exe has stopped working or there is a failure to set the Default Gallery Administrator -Turn off IE Enhanced Security Configuration on the Alteryx Server if you have crash errors while verifying the IDP information. This feature can be turned back on once you have the configuration in a functional state. https://www.limestonenetworks.com/support/knowledge-center/17/70/how_do_i_disable_internet_explorer_enhanced_security.html -Verify that the values in the SAML IDP Configuration are correct for your ADFS server. -Verify that the ADFS server was configured with the correct claim attributes. -Check the AlteryxAuthorizatonService.exe logging directory (%PROGRAMDATA%\Alteryx\Logs) for any clues. -Open Event Viewer within Windows and look for errors that may be of use in the Application log. -If still stuck, reach out to our Support team. I'd suggest providing the following: 1. Values set in the Alteryx System Settings application for SAML 2. AAS log files (found in %PROGRAMDATA%\Alteryx\Logs\) 3. Configuration screenshots for ADFS