Azure SSO Setup Guide (SAML)
Use this guide to enable Single Sign-On (SSO) using the SAML 2.0 protocol for an individual Alteryx Analytics Cloud (AAC) workspace using Microsoft Entra (Azure AD).
Required Permissions
Be a user on a Professional or Enterprise AAC plan.
Have a Workspace Admin role assigned to you.
Have administrative access in the target Azure instance.
Azure AD Setup
Follow these steps to create an Enterprise Application in Azure:
Sign in to your AAC workspace.
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select SAML.
Note and copy the prepopulated Assertion Consumer Service URL. You will use this later.
Note and copy the prepopulated Service Provider Entity URL. You will use this later.
Sign in to your Azure Portal as an administrator.
Go to Applications > Enterprise Applications.
Select New application.
Select Create your own application.
In the Name field, enter a name for your app. For example, the name of your AAC workspace.
Select Integrate any other application you don’t find in the gallery (non-gallery).
Select Create.
Under the Manage menu, select Single sign-on.
For the single sign-on method, select SAML.
In the Basic SAML Configuration section, select Edit from the 3-dot menu.
Under Identifier (Entity ID), select Add Identifier.
Paste the Service Provider Entity URL value you copied from your AAC workspace.
Next to the value you just pasted, check the Default box.
Under Reply URL (Assertion Consumer Service URL), select Add Reply URL.
Paste the Assertion Consumer Service URL value you copied from your AAC workspace.
Next to the value you just pasted, check the Default box.
Select Save.
In the Attributes & Claims section, select Edit from the 3-dot menu.
Select Add New Claim.
In the Name field, enter
email
.In the Source attribute dropdown, select
user.mail
.Select Save.
Use the navigation breadcrumbs to go back to SAML-based Sign-on.
In the SAML Certificates section, note and copy the App Federation Metadata URL. You will use this later.
AAC SSO Setup
Return to your AAC workspace and then follow these steps:
Configure SSO
Go to Profile menu > Workspace Admin > Single Sign-On.
Under Protocol, select SAML.
In the Email Mapping SAML Attribute field, enter
email
.In the Metadata URL field, paste the App Federation Metadata URL value you copied from Azure.
Select Import From URL. Multiple fields should auto-populate.
Select Save. AAC will redirect you to the Test Connection page.
Select View Configuration Details.
Note and copy the prepopulated Relay State URL. You will use this later.
Go back to the Azure Portal.
In the Basic SAML Configuration section, select Edit from the 3-dot menu.
Under Relay State (Optional), paste the Relay State URL value you copied from your AAC workspace.
Select Save.
Test Connection
Return to your AAC workspace.
Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.
Enter your Azure credentials if you aren't already signed in. The dialog automatically closes if the integration has been verified.
Enable SSO
Select Enable SSO.
Select Confirm. Once enabled, users can only sign in to the workspace using their Azure credentials.