Skip to main content

Okta SSO Setup Guide (SAML)

Use this guide to enable Single Sign-On (SSO) using the SAML 2.0 protocol for an individual Alteryx One Platform workspace using Okta.

Required Permissions

To enable SSO with Okta, you must satisfy these requirements:

  • Be a user on a Professional, Enterprise, or Legacy-1 Alteryx One plan.

  • Have a Workspace Admin role assigned to you, or a custom role that includes the Single Sign-Out capability.

  • Have administrative access in the target Okta instance.

Okta Setup

Follow these steps to create an OIDC app integration in Okta:

Nota

Do not enable Assertion Encryption in Advanced Settings. Alteryx One Platform does not support assertion encryption and instead uses HTTPS to protect SAML payloads.

Nota

Do not enable Signed Requests in Advanced Settings. Okta’s signature verification for requests is incompatible with Alteryx One Platform.

  1. Sign in to your Alteryx One workspace.

  2. Go to Profile menu > Workspace Admin > Single Sign-On.

  3. Under Protocol, select SAML.

  4. Note and copy the prepopulated Assertion Consumer Service URL. You will use this later.

  5. Note and copy the prepopulated Service Provider Entity URL. You will use this later.

  6. Sign in to your Okta Portal as an administrator.

  7. Select Create App Integration.

  8. Select SAML 2.0.

  9. In the App Name field, enter a name for your app. For example, the name of your Alteryx One workspace.

  10. Select Next.

  11. Under General, in the Single sign on URL field, paste the Assertion Consumer Service URL value you copied from your Alteryx One workspace.

  12. Under General, in the Audience URI (SP Entity ID) field, paste the Service Provider Entity ID value you copied from your Alteryx One workspace.

  13. Select Finish.

  14. Select the I'm an Okta customer adding an internal app option.

  15. Select Finish.

  16. Under Sign-On, in the Attribute Statements section, select Add Expression.

  17. In the Name field, enter email.

  18. Next to the Name field, in the Expression field, enter user.profile.email.

  19. Select Save.

  20. In the Name field, enter firstName.

  21. Next to the Name field, in the Expression field, enter user.profile.firstName.

  22. Select Save.

  23. In the Name field, enter lastName.

  24. Next to the Name field, in the Expression field, enter user.profile.lastName.

  25. Select Save.

  26. From the app page, go to Sign On > Settings > Metadata Details and then note and copy the Metadata URL. You will use this later.

Alteryx One SSO Setup

Return to your Alteryx One workspace and then follow these steps:

Configure SSO

  1. Go to Workspace Admin > Single Sign-On.

  2. Under Protocol, select SAML.

  3. In the Email Mapping SAML Attribute field, enter email.

  4. In the Given Name Mapping Attribute field, enter firstName.

  5. In the Family Name Mapping Attribute field, enter lastName.

  6. In the Metadata URL field, paste the Metadata URL value you copied from Okta.

  7. Select Import From URL. Multiple fields should auto-populate.

  8. Select SaveAlteryx One redirects you to the Test Connection page.

  9. Select View Configuration Details.

  10. Note and copy the prepopulated Relay State URL. You will use this later. 

  11. Go back to the application in the Okta Portal.

  12. Go to General > SAML Settings and then select Edit.

  13. Go to Default Relay State and then paste the Relay State URL value you copied from your Alteryx One workspace.

  14. Select Save.

  15. Select Finish.

Test Connection

  1. Return to your Alteryx One workspace.

  2. Select Test Connection. A dialog then opens, prompting you to sign in to verify the integration.

  3. Enter your Okta credentials if you aren't already signed in. The dialog automatically closes if the integration has been verified.

Enable SSO

  1. Select Enable SSO.

  2. Select Confirm. Once enabled, users can only sign in to the workspace using their Okta credentials.

Nesta secção: