Okta SSO Setup Guide (SAML)
Use this guide to enable Single Sign-On (SSO) using the SAML 2.0 protocol for an individual Alteryx Analytics Cloud (AAC) workspace using Okta.
Required Permissions
To enable SSO with Okta, you must satisfy these requirements:
Be a user on a Professional or Enterprise AACAAC plan.
Have a Workspace Admin role assigned to you.
Have administrative access in the target Okta instance.
Okta Setup
Follow these steps to create an OIDC app integration in Okta:
Sign in to your AACAAC workspace.
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select SAML.
Note and copy the prepopulated Assertion Consumer Service URL. You will use this later.
Note and copy the prepopulated Service Provider Entity URL. You will use this later.
Sign in to your Okta Portal as an administrator.
Select Create App Integration.
Select SAML 2.0.
In the App Name field, enter a name for your app. For example, the name of your AACAAC workspace.
Select Next.
Under General, in the Single sign on URL field, paste the Assertion Consumer Service URL value you copied from your AACAAC workspace.
Under General, in the Audience URI (SP Entity ID) field, paste the Service Provider Entity ID value you copied from your AACAAC workspace.
Under Attribute Statements (optional), in the Name field, enter
email
.Next to the Name field, in the Value dropdown, select
user.email
.Select Next.
Select the I'm an Okta customer adding an internal app option.
Select Finish.
From the app page, go to Sign On > Settings > Metadata Details and then note and copy the Metadata URL. You will use this later.
AACAAC SSO Setup
Return to your AACAAC workspace and then follow these steps:
Configure SSO
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select SAML.
In the Email Mapping SAML Attribute field, enter
email
.In the Metadata URL field, paste the Metadata URL value you copied from Okta.
Select Import From URL. Multiple fields should auto-populate.
Select Save. AACAAC redirects you to the Test Connection page.
Select View Configuration Details.
Note and copy the prepopulated Relay State URL. You will use this later.
Go back to the application in the Okta Portal.
Go to General > SAML Settings and then select Edit.
Go to Default Relay State and then paste the Relay State URL value you copied from your AACAAC workspace.
Select Save.
Test Connection
Return to your AACAAC workspace.
Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.
Enter your Okta credentials if you aren't already signed in. The dialog automatically closes if the integration has been verified.
Enable SSO
Select Enable SSO.
Select Confirm. Once enabled, users can only sign in to the workspace using their Okta credentials.