Skip to main content

Google Cloud Platform SSO Setup Guide (OIDC)

Use this guide to enable Single Sign-On (SSO) using the OIDC protocol for an individual Alteryx Analytics Cloud (AAC) workspace using Google Cloud Identity as your identity provider.

Required Permissions

To enable SSO with Google Cloud Platform (GCP), you must satisfy these requirements:

  • Be a user on a Professional or Enterprise AAC plan.

  • Have a Workspace Admin role assigned to you.

  • Have direct or indirect administrative access to Google Cloud Identity.

  • Be a current member of the integrated GCP project.

GCP Setup

Follow these steps to create an OAuth Client in GCP:

  1. Sign in to your AAC workspace.

  2. Go to Profile menu > Workspace Admin > Single Sign-On.

  3. Under Protocol, select OIDC.

  4. Note and copy the prepopulated Callback URL. You will use this later.

  5. Sign in to your GCP account.

  6. Go to the API & Services > Credentials page.

  7. Select Create Credential.

  8. Select OAuth Client ID.

  9. In the Application Type dropdown, select Web Application.

  10. In the Name field, enter a name for your app. For example, the name of your AAC workspace.

  11. Under Authorized Redirect URIs, select Add URI.

  12. In the URIs field, enter the Callback URL you copied from AAC.

  13. Select Create.

  14. Note and copy your Client ID. You will use this later.

  15. Note and copy your Client Secret. You will use this later.

Note

For more information on OAuth 2.0 for GCP, go to Google's documentation.

AAC SSO Setup

Return to your AAC workspace and then follow these steps:

Configure SSO

  1. Go to Profile menu > Workspace Admin > Single Sign-On.

  2. Under Protocol, select OIDC.

  3. In the Client ID field, enter the Client ID you copied from your GCP account.

  4. In the Client Secret field, enter the Client Secret you copied from your GCP account.

  5. In the Email Mapping OIDC Attribute field, enter this value:

    email
  6. In the Discovery Endpoint field, enter this value:

    https://accounts.google.com/.well-known/openid-configuration
  7. Next to the Discovery Endpoint field, select Import From URL. The rest of the fields will auto-populate.

  8. Select Save.

Test Connection

  1. Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.

  2. Enter your GCP credentials. The dialog automatically closes if the integration has been verified.

Enable SSO

  1. Select Enable SSO.

  2. Select Confirm. Once enabled, users can only sign in to the workspace using their GCP credentials.