Google Cloud Platform SSO Setup Guide (OIDC)
Use this guide to enable Single Sign-On (SSO) using the OIDC protocol for an individual Alteryx Analytics Cloud (AAC) workspace using Google Cloud Identity as your identity provider.
Required Permissions
To enable SSO with Google Cloud Platform (GCP), you must satisfy these requirements:
Be a user on a Professional or Enterprise AACAAC plan.
Have a Workspace Admin role assigned to you.
Have direct or indirect administrative access to Google Cloud Identity.
Be a current member of the integrated GCP project.
GCP Setup
Follow these steps to create an OAuth Client in GCP:
Sign in to your AACAAC workspace.
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select OIDC.
Note and copy the prepopulated Callback URL. You will use this later.
Sign in to your GCP account.
Go to the API & Services > Credentials page.
Select Create Credential.
Select OAuth Client ID.
In the Application Type dropdown, select Web Application.
In the Name field, enter a name for your app. For example, the name of your AACAAC workspace.
Under Authorized Redirect URIs, select Add URI.
In the URIs field, enter the Callback URL you copied from AACAAC.
Select Create.
Note and copy your Client ID. You will use this later.
Note and copy your Client Secret. You will use this later.
注記
For more information on OAuth 2.0 for GCP, go to Google's documentation.
AACAAC SSO Setup
Return to your AACAAC workspace and then follow these steps:
Configure SSO
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select OIDC.
In the Client ID field, enter the Client ID you copied from your GCP account.
In the Client Secret field, enter the Client Secret you copied from your GCP account.
In the Email Mapping OIDC Attribute field, enter this value:
email
In the Discovery Endpoint field, enter this value:
https://accounts.google.com/.well-known/openid-configuration
Next to the Discovery Endpoint field, select Import From URL. The rest of the fields will auto-populate.
Select Save.
Test Connection
Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.
Enter your GCP credentials. The dialog automatically closes if the integration has been verified.
Enable SSO
Select Enable SSO.
Select Confirm. Once enabled, users can only sign in to the workspace using their GCP credentials.