Skip to main content

Azure SSO Setup Guide (SAML)

Use this guide to enable Single Sign-On (SSO) using the SAML 2.0 protocol for an individual Alteryx One workspace using Microsoft Entra (Azure AD).

Required Permissions

  • Be a user on a Professional or Enterprise Alteryx One plan.

  • Have a Workspace Admin role assigned to you.

  • Have administrative access in the target Azure instance.

Note

Alteryx One does not support token encryption for Entra-based SAML IDP applications.

Azure AD Setup

Follow these steps to create an Enterprise Application in Azure:

  1. Sign in to your Alteryx One workspace.

  2. Go to Profile menu > Workspace Admin > Single Sign-On.

  3. Under Protocol, select SAML.

  4. Note and copy the prepopulated Assertion Consumer Service URL. You will use this later.

  5. Note and copy the prepopulated Service Provider Entity URL. You will use this later.

  6. Sign in to your Azure Portal as an administrator.

  7. Go to Applications > Enterprise Applications.

  8. Select New application.

  9. Select Create your own application.

  10. In the Name field, enter a name for your app. For example, the name of your Alteryx One workspace.

  11. Select Integrate any other application you don’t find in the gallery (non-gallery).

  12. Select Create.

  13. Under the Manage menu, select Single sign-on.

  14. For the single sign-on method, select SAML.

  15. In the Basic SAML Configuration section, select Edit from the 3-dot menu.

  16. Under Identifier (Entity ID), select Add Identifier.

  17. Paste the Service Provider Entity URL value you copied from your Alteryx One workspace.

  18. Next to the value you just pasted, check the Default box.

  19. Under Reply URL (Assertion Consumer Service URL), select Add Reply URL.

  20. Paste the Assertion Consumer Service URL value you copied from your Alteryx One workspace.

  21. Next to the value you just pasted, check the Default box.

  22. Select Save.

  23. In the Attributes & Claims section, select Edit from the 3-dot menu.

  24. Select Add New Claim.

  25. In the Name field, enter email.

  26. In the Source attribute dropdown, select user.mail.

  27. Select Save.

  28. Use the navigation breadcrumbs to go back to SAML-based Sign-on.

  29. In the SAML Certificates section, note and copy the App Federation Metadata URL. You will use this later. 

Alteryx One SSO Setup

Return to your Alteryx One workspace and then follow these steps:

Configure SSO

  1. Go to Profile menu > Workspace Admin > Single Sign-On.

  2. Under Protocol, select SAML.

  3. In the Email Mapping SAML Attribute field, enter email.

  4. In the Metadata URL field, paste the App Federation Metadata URL value you copied from Azure.

  5. Select Import From URL. Multiple fields should auto-populate.

  6. Select Save. Alteryx One will redirect you to the Test Connection page.

  7. Select View Configuration Details.

  8. Note and copy the prepopulated Relay State URL. You will use this later. 

  9. Go back to the Azure Portal.

  10. In the Basic SAML Configuration section, select Edit from the 3-dot menu.

  11. Under Relay State (Optional), paste the Relay State URL value you copied from your Alteryx One workspace.

  12. Select Save.

Test Connection

  1. Return to your Alteryx One workspace.

  2. Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.

  3. Enter your Azure credentials if you aren't already signed in. The dialog automatically closes if the integration has been verified.

Enable SSO

  1. Select Enable SSO.

  2. Select Confirm. Once enabled, users can only sign in to the workspace using their Azure credentials.