Alteryx supports the ability to provision, update and deprovision Analytics Cloud users through the System for Cross-domain Identity Management (SCIM) protocol. By enabling SCIM, your organization can use Okta groups to set user access to individual workspaces, and the services available to them.
You have direct access to your Analytics Cloud workspace, and have been assigned the Workspace Admin role.
You have direct access to your instance of Okta, and have been assigned the Super Admin or App Admin role.
You have already enabled SAML SSO for your workspace. For more information, see Okta SSO Setup Guide (SAML).
Sugerencia
Auto-provisioning is most effective when user access is managed through groups. Within your IdP, consider managing application access using security groups instead of assigning users to the application, one-by-one.
Within Analytics Cloud, navigate to your workspace’s Admin Console.
Select User Provisioning in the left navigation menu.
Select Enable Automatic User Provisioning.
Select Enable.
In the the Authentication Type dropdown, select Alteryx Token Authentication.
Select Next.
Note and copy your Tenant URL. You will use this later.
Select Generate Token.
In the Lifetime (Days) field, enter “365”.
Select Generate.
Note and copy your SCIM Token. You will use this later.
Select Close.
In Okta, navigate to the application that is mapped to your workspace.
Under the General tab, in the App Settings section, select Edit.
Select the checkbox next to Enable SCIM provisioning.
Select Save.
Under the Provisioning tab.
Select Edit.
In the SCIM connector base URL field, enter the Tenant URL value copied from your workspace.
In the Unique identifier field for users field, enter “email”.
In the Supported provisioning actions section, select the checkbox next to Push New Users, Push Profile Updates, and Push Groups.
In the Authentication Mode dropdown, select “HTTP Header”.
In the Bearer Token field, enter the SCIM Token value you copied from your workspace.
(Optional) Select Test Connection Configuration and select Close.
Select Save and Edit.
Select the checkbox next to Create Users.
Select the checkbox next to Update User Attributes.
Select the checkbox next to Deactivate Users.
Select Save.
(Optional) Under Attribute Mappings, deselect all attributes except for the following:
givenName: user.firstNamefamilyName: user.lastNameemail: user.email
Navigate to the Push Groups tab.
Select Push Groups, then Find Groups by Name.
Enter the name of the group you want to sync and select it.
Select Save.
Navigate to the Assignments tab.
Select the Groups filter.
Select the Assign button, then Assign to Groups.
Find the group you want to sync, then select Assign.
Select Save and Go Back.
Select Done.
Assigned groups will be synchronized to the workspace. Group members who do not already have access to the workspace will receive an email invite notification.
Nota
Depending on your Okta settings, it may take some time before users and user groups are synchronized to the corresponding workspace.
Within Analytics Cloud, navigate back to your workspace’s Admin Console.
Navigate to the User Groups page.
Hovering over a synchronized user group, select the 3-dot menu.
Select Assign Roles.
In the Assign Roles to Group dropdown, select or deselect one or more existing roles.
Select Save.
Users who are already a member of the group will inherit the selected roles. Users added to Entra security groups in the future will be invited to the workspace and assigned the selected roles.