Manage Users under SSO
This section covers additional requirements for managing users of the Designer Cloud Powered by Trifacta platform in SSO environments.
Enable SSO
The Designer Cloud Powered by Trifacta platform requires additional configuration to integrate with your SSO provider. Available methods:
Method | Description |
|---|---|
SAML IDP | Integrate the platform with enterprise SAML identity provider. See Configure SSO for SAML. |
Native LDAP-AD | Using native functionality in the platform, it can integrate with enterprise LDAP/AD. For more information, see Configure SSO for AD-LDAP. |
LDAP-AD via reverse proxy | A reverse proxy server outside of the platform can be set up for integration with enterprise LDAP/AD. Note This method is likely to be deprecated in a future release. For more information, seeConfigure SSO for AD-LDAP. |
Configure Auto-Registration
Tip
By default, user auto-registration is enabled. It is recommended.
How users are managed depends on whether auto-registration is enabled:
If auto-registration is enabled, after users provide their credentials, the account is automatically created for them.
If auto-registration is disabled, a Alteryx administrator must still provision a user account before it is available. See below.
After SSO with auto-registration has been enabled, you can still manage users through the Trifacta Application, with the following provisions:
The Designer Cloud Powered by Trifacta platform does not recheck for attribute values on each login. If attribute values change with your identity provider, they must be updated in the configuration.
For more information, see Configure SSO for AD-LDAP
For more information, see Configure SSO for SAML.
If the user has been removed from AD, the user cannot sign in to the platform.
If you need to remove a user from the platform, you should just disable the user through the Trifacta Application.
If the user is deleted, then if the user returns to the platform in the future, a new account is created for the user.
For more information, See Users Page.
To disable auto-provisioning in the platform, please verify the following property:
You can apply this change through the Admin Settings Page (recommended) or
trifacta-conf.json. For more information, see Platform Configuration Methods.Set the following property:
"webapp.sso.enableAutoRegistration" : false,
Save your changes and restart the platform.
New users of the Designer Cloud Powered by Trifacta platform must be provisioned by a Alteryx administrator. See below.
If SSO auto-registration is disabled, admin users can provision new users of the platform through the following URL:
https://<hostname>:<sso_port_number>/register
where:
<hostname>is the host of the Designer Cloud Powered by Trifacta platform<sso_port_number>is the port number.
The user's password is unnecessary in an SSO environment. You must provide the SSO principal value, which is typically the Active Directory login for the user.
If you are connected to a Hadoop cluster, you must provision the Hadoop principal value.
See Create User Account.
Users access the application through the Trifacta node using the standard hostname and the port that you specified:
Note
All users must be use this URL to access the Trifacta Application. If they use the non-SSO URL, they may receive an Unprovisioned User error.
https://<hostname>:<sso_port_number>