Configure Alteryx Server for SCIM with Azure Active Directory
Welcome to this guide on setting up Alteryx Server with SCIM (System for Cross-domain Identity Management) for Azure Active Directory (Azure AD). This document aims to provide step-by-step instructions for administrators who want to integrate Alteryx Server with Azure AD using SCIM. By following this guide, you will learn how to enable SCIM in Alteryx Server, configure Azure AD to connect to Alteryx Server for SCIM provisioning, and provision users and groups in Azure AD. With this integration, you can streamline user and group management, ensuring a synchronized and hassle-free experience between Alteryx Server and Azure AD.
This configuration requires Azure to be able to communicate with the Alteryx Server over an HTTPS (SSL/TLS) connection. Please check with your network and security teams to ensure network, firewall, and routing are appropriately configured to allow this communication. To support this communication, TLS must be enabled for Alteryx Server. For more information on TLS, see Configure Server SSL/TLS.
Enable SCIM Support
- SCIM requires that Alteryx Server is configured to support SAML single sign-on.
  - For a new environment, follow the steps outlined in Configure Alteryx Server Authentication to set up SAML.
  - For an existing environment that is not configured for SAML, please contact Support for assistance.
- Sign in to Alteryx Server as a Curator (Server admin) and navigate to Admin > Settings > Configuration > SCIM.
- Select Edit.
- Turn on the switch to enable SCIM.
- Select the Token Lifetime based on your needs. Please consult your company's security team for guidance.
- Select Save.
- Make note of the Base URI and Token as you will need these to configure the connection in Azure.
Configure Azure
- Log in to the Azure Portal.
- If you do not already have an Application created for Alteryx Server, select Enterprise applications.
  - Select +New application.
  - Select +Create your own application.
  - In the right-hand panel, enter a name for the application, such as “Alteryx Server”.
  - Select Integrate any other application you don’t find in the gallery (Non-gallery).
  - Select Create.
  - Once the app is created, select Single sign-on and configure the app for SAML. See Configuring SAML 2.0 on Alteryx Server for Azure AD for details.
- Once you have an application created for Alteryx Server, navigate to that application.
- Select Provisioning.
- Select Automatic for the Provisioning Mode.
- For Tenant URL, enter the Base URI you noted in the Enable SCIM Support section (for example, https://host.domain.tld/webapi/scim/v2).
- For Secret Token, enter the Token you noted in the Enable SCIM Support section.
- Select Test Connection to confirm Azure can connect to Alteryx Server.
- If the connection test fails:
  - Ensure you have entered the correct URL and Token.
  - Consult your network and security teams to ensure network connectivity between Alteryx Server and Azure is allowed.
  - If Azure cannot be allowed to connect directly to Alteryx Server, you might be able to use Azure’s provisioning agent instead of this configuration. Please consult with your Azure administrator and Azure AD on-premises application provisioning to SCIM-enabled apps for details.
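When Test Connection fails, it helps to know whether the cause is the URL, the token, TLS, or the network path. The following check is an added example, not code from Alteryx or Microsoft: it validates the Base URI, sends one authenticated request, and names the failure class. It assumes the server answers the standard SCIM 2.0 (RFC 7644) `/ServiceProviderConfig` endpoint; the environment variable names `SCIM_BASE_URI` and `SCIM_TOKEN` are hypothetical.

```python
import os, ssl, sys, urllib.error, urllib.parse, urllib.request

def tenant_url_problems(base_uri):
    """Static checks on the Base URI before it goes into Azure's Tenant URL field."""
    u = urllib.parse.urlsplit(base_uri.strip())
    problems = []
    if u.scheme != "https":
        problems.append("scheme must be https (TLS is required)")
    if not u.hostname:
        problems.append("no host name")
    if u.username or u.password:
        problems.append("credentials embedded in URL")
    if u.query or u.fragment:
        problems.append("query string or fragment present")
    return problems

def probe(base_uri, token, urlopen=urllib.request.urlopen, timeout=10):
    """One authenticated GET; returns (verdict, detail) and never echoes the token."""
    problems = tenant_url_problems(base_uri)
    if problems:
        return "bad-url", "; ".join(problems)
    if not token or token != token.strip():
        return "bad-token", "token is empty or has surrounding whitespace"
    # Assumption: the server answers the RFC 7644 discovery endpoint below.
    req = urllib.request.Request(
        base_uri.strip().rstrip("/") + "/ServiceProviderConfig",
        headers={"Authorization": "Bearer " + token,
                 "Accept": "application/scim+json"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return "ok", "HTTP %d" % resp.status
    except urllib.error.HTTPError as e:
        if e.code in (401, 403):
            return "bad-token", "HTTP %d: token rejected or expired" % e.code
        if e.code == 404:
            return "bad-url", "HTTP 404: check the path against the Base URI"
        return "server-error", "HTTP %d" % e.code
    except OSError as e:  # URLError, timeouts, refused connections
        reason = getattr(e, "reason", e)
        if isinstance(reason, ssl.SSLError):
            return "tls", "TLS failure: %s" % reason
        return "network", "cannot reach host: %s" % reason

if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment
    # so it does not end up in shell history or the process list.
    verdict, detail = probe(os.environ["SCIM_BASE_URI"], os.environ["SCIM_TOKEN"])
    print(verdict, detail)
    sys.exit(0 if verdict == "ok" else 1)
```

A result of `ok` from a workstation only shows that the URL and token are valid; Azure connects from its own network, so a firewall can still block the provisioning service.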
Provisioning Users and Groups
- Log in to the Azure Portal.
- Navigate to the application you created for Alteryx Server in the Configure Azure section.
- Select Users and Groups.
- Select +Add user/group.
- In the right-hand panel, use search to find and select the users and groups you want to add.
  - The selected users and groups appear in the lower section of the panel.
- To finalize your selection, choose the Select button at the bottom of the panel.
  - This returns you to the Users and Groups page with a list of the users and groups associated with the application.
- Select Provisioning.
- Select Start provisioning to enable provisioning. This starts the incremental provisioning cycle with which Azure will synchronize users and groups with Alteryx Server. Any changes to users or groups in Azure are reflected in Server when this sync completes. Azure can take up to 40 minutes to synchronize changes.
Confirm Successful Synchronization
- Wait at least 40 minutes to ensure Azure goes through a provisioning cycle.
- Sign in to Alteryx Server as a Curator (Server admin).
- Navigate to Admin > Users.
- Confirm that the users and groups provisioned in Azure have been successfully created or updated in Server.