Welcome to the Alteryx Knowledge Base

Configuring SAML 2.0 on Alteryx Server for Azure AD
user

Created/Edited - 4/23/2026 by Seth Bachman | Alteryx

How To

Configure SAML 2.0 on Alteryx Server for Azure AD

 

KB content has been superseded by the Help page:  Configure SAML 2.0 on Alteryx Server for Microsoft Entra ID

 

Starting in 2018.2, Alteryx Server supports a majority of identity provider (IdP) connections that adhere to the SAML 2.0 Standard and allows for single sign-on to the Alteryx Gallery. This article covers the configuration and setup for both Azure AD and Alteryx Server.

Environment
  • Alteryx Server
    • Version 2018.2+
Prerequisites
  • Alteryx Server access with permissions to configure Alteryx System Settings
  • SSL Enabled for Gallery URL (HTTPS)
  • Azure Portal
    • Access (typically Admin) to create and edit enterprise applications within Azure Active Directory
Procedure

Procedure: Part 1 - Azure Configuration

 

  1. In the Azure portal > Select Azure Active Directory > Enterprise Applications and then select + New Application or select one that was already created for Alteryx Gallery. Here is the Microsoft page for more information on creating applications. 

 

 
 
  1. Select the application that will be used for the SAML configuration and then click on Single Sign-On. This will open the SAML configuration page. The fields that are required are below:
 
Basic SAML Configuration 
Identifier (Entity ID) = https://YOUR_GALLERY_URL.com/aas/Saml2
Reply URL (Assertion Consumer Service URL) = https://YOUR_GALLERY_URL.com/aas/Saml2/Acs
**Note** These fields will not accept an HTTP URL

User Attributes & Claims
Required claim
Unique User Identifier(Name ID) = set to Email Address and Source Attribute set to user.userprincipalname
Additional claims
firstName = user.givenname
lastName = user.surname
email       = user.userprincipalname
Note: Remove the Namespaces that auto-populate for all additional Claims only, and ensure firstName and lastName are in camelCase. 


 

   Required Claim

 
Additional claims - email

 SAML Signing Certificate
App Federation Metadata URL = You will need this URL for the Alteryx Server Settings.
**Note** This is where you can manually download the x.509 certificate 

Set up Alteryx Gallery (Application Name)
Azure AD Identifier = You will need this URL for the Alteryx Server Settings
 
 
 

Part 2 - Alteryx System Settings

 
  1. In the server Alteryx System Settings, ensure SSL is enabled under Gallery > General. You will need to install a certificate on the server; more information can be found here

 

 
 
  1. Next, Select SAML Authentication > IDP Metadata URL > and enter the three URLs.

ACS Base URL = This field will auto-populate and be configured with HTTPS. This is the Gallery URL with "/aas" at the end.
IDP URL = This is the Azure AD Identifier URL from the Azure SSO page
IDP Metadata URL = This is the App Federation Metadata URL from the Azure SSO Page 
 
 
  1. Finally, once all are entered, click Verify IDP to test the connection. There is also a way to test the connection in the Azure portal. Then select Next through the rest of the settings to save the configuration. Once everything is saved, navigate to the Gallery in a browser and hit Log In, where you will be prompted with a Microsoft Azure sign-in page. 
  
Was this article helpful?