Okta SSO Setup Guide (OIDC)
Use this guide to enable Single Sign-On (SSO) using the OIDC protocol for an individual Alteryx Analytics Cloud (AAC) workspace using Okta.
Required Permissions
To enable SSO with Okta, you must satisfy these requirements:
Be a user on a Professional or Enterprise AAC plan.
Have a Workspace Admin role assigned to you.
Have administrative access in the target Okta instance.
Okta Setup
Follow these steps to create an OIDC app integration in Okta:
Sign in to your AAC workspace.
Go to Profile menu > Workspace Admin > Single Sign-On.
Select OIDC.
Note and copy the prepopulated Callback URL. You will use this later.
Sign in to your Okta Portal as an administrator.
Under Applications, select Applications.
Select Create App Integration.
Select OIDC - OpenID Connect.
Select Web Application.
In the App Integration Name field, enter a name for your app. For example, the name of your AAC workspace.
In the Sign-in redirect URIs field, enter the Callback URL you copied from AAC.
Under Assignments, select the appropriate Controlled Access option based on your organizational requirements.
Select Save.
Note and copy your Client ID. You will use this later.
Note and copy your Client Secret. You will use this later.
AAC SSO Setup
Return to your AAC workspace and then follow these steps:
Configure SSO
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select OIDC.
In the Client ID field, enter the Client ID you copied from your Okta account.
In the Client Secret field, enter the Client Secret you copied from your Okta account.
In the Email Mapping OIDC Attribute field, enter this value:
email
In the Discovery Endpoint field, enter this value:
https://dev-664771.okta.com/.well-known/openid-configuration
Next to the Discovery Endpoint field, select Import From URL. The rest of the fields will auto-populate.
Select Save.
Test Connection
Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.
Enter your Okta credentials. The dialog automatically closes if the integration has been verified.
Enable SSO
Select Enable SSO.
Select Confirm. Once enabled, users can only sign in to the workspace using their Okta credentials.