Set Up Azure AD with Alteryx Platform
Last modified: February 14, 2022
Learn how to configure Azure AD with Alteryx Platform.
You need admin access to both Azure AD and Alteryx Platform to set up this configuration.
To set up this configuration, you'll complete these steps:
- Create the configuration in Platform.
- Add Alteryx Platform as an app in Azure AD.
- Map attributes in Azure AD.
- Complete the configuration in Platform.
Because you have to perform actions in both Alteryx Platform and in Azure AD, we recommend that you open them in separate tabs in your browser before you begin the configuration process.
1. Create Identity Provider (IdP) Configuration
- Sign into Alteryx Platform as an admin.
- Go to Admin > Single Sign-On.
- Select Edit.
- Enter the name of your IdP into Identity Provier Name. The name displays in the SSO button on the sign-in screen.
- Select Save.
- Copy these values so you can paste them into Azure AD:
- Service Provider Entity ID
- Assertion Customer Service URL
- Relay State
2. Add Alteryx Platform as an App in IdP
- Sign in to Azure Portal as an admin.
- Go to Azure Active Directory.
- From Manage, select Enterprise Applications.
- Select New application > Create your own application.
- In What's the name of your app?, enter the name of your application. We recommend "Alteryx Platform" for the name.
- Select Integrate any other application you don't find in the gallery (non-gallery).
- Select Create.
- From Manage, select Single sign-on.
- For the single sign-on method, select SAML.
- For Basic SAML Configuration, select Edit.
- In Identifier (Entity ID), paste the entity ID you previously copied from Alteryx Platform. Make sure to check the Default box.
- In Reply URL (Assertion Consumer Service URL), paste the assertion consumer service URL you previously copied from Alteryx Platform. Make sure to check the Default box.
- In Sign on URL, paste the Relay State found on Platform's Single Sign-On page.
- In Relay State, paste the Relay State found on Platform's Single Sign-On page.
- In Logout URL, paste paste the Assertion Consumer Service URL value found on Platform’s Single Sign-On page.
- Select Save.
3. Map Attributes in IdP
You have to create 3 claims in Azure AD:
- 1st Name
- Last Name
Go to User Attributes & Claims.
- Select Add New Claim.
- In Name, enter
email
. - From Source Attribute, select user.mail.
- Select Save.
1st Name
- Select Add New Claim.
- In Name, enter
firstName
. - From Source Attribute, select user.givenname.
- Select Save.
Last Name
- Select Add New Claim.
- In Name, enter
lastName
. - From Source Attribute, select user.surname.
- Select Save.
TIP
To keep your setup tidy, consider removing unused claims.
4. Complete IdP Configuration
- In Azure AD, go to SAML Signing Certificate.
- Copy the App Federation Metadata URL value.
- On the Single Sign-On page in Platform, select Edit for the Import IdP Metadata from URL section.
- Paste the metadata URL you copied from your IdP into Import from URL.
- Set HTTP-POST Binding for AuthnRequest to
on
to use HTTP POST Binding instead of HTTP Redirect Binding when requesting authentication from the SAML IdP. - Set HTTP-POST Binding Response to
on
to use HTTP Post Binding instead of HTTP Redirect Binding when responding to requests sent by the SAML IdP. - Select Test Connection. If a connection has been successfully established, a green checkmark should appear.
- Select Save.