Prerequisites
Applies to: Alation Cloud Service instances of Alation and customer-managed instances of Alation
Please contact your Account Team to obtain the ASM software. This is provided as a zip archive.
Alation Services Manager (ASM) requires a server to run on. This section describes the required infrastructure in terms of Linux OS, hardware, and networking.
For ACS customers, the ASM machine is typically an EC2 instance. For on-prem and self-managed customers, the ASM machine should have a similar specification.
Infrastructure Requirements
ASM has the same infrastructure requirements as Alation Agent. To create the environment to host ASM, please refer to the Agent System Requirements for Operating System (latest) and hardware details in the Alation Agent documentation.
Network Requirements
ASM has the following inbound, outbound, and DNS network requirements:
Outbound
API access to your Alation instance (HTTPS)
Access to your Alation Analytics database
For Cloud customers: Access to Alation Analytics on Snowflake
For On-prem customers: Access to Alation Analytics on Postgres
Inbound
Internal-only HTTP access on port 80 is needed (no public access)
DNS
A DNS entry is needed to allow internal routing to this system
Optional: SSL/TLS
We recommend that customers place a load balancer in front of their ASM instance. Customers can configure an SSL certificate on the load balancer, and the load balancer will handle all HTTPS traffic. Work with your DevOps or cloud admin team to prepare to install a load balancer and to obtain the certificate and SSL/TLS configuration details.
Optional: SAML
ASM supports both local authentication (default) and SAML authentication. When SAML is enabled, ASM users will be redirected to the identity provider (IDP) to authenticate. The SAML IDPs supported by ASM are Entra ID and Okta.
Provision an Application for SAML Authentication
To enable ASM’s SAML support, first configure an application through your Identity Provider (IDP).
Entra ID: To set up an application on Entra ID, please follow Set Up SAML and SCIM Integration in Microsoft Entra ID and stop before getting to the section titled Complete the Configuration in Alation.
Okta: To set up an application on Okta, please follow Configure Authentication with SAML from Alation Shell, paying particular attention to the section Example IdP Configuration: Okta (2018.42) as SSO Provider. At the very last step, please make sure to leave the Name Format as ‘unspecified’ instead of ‘URI Reference’.
You will also need to download the XML Metadata file from your IDP and copy the XML file to the instance where you will be installing ASM during the Installation steps.
Next, collect the following details needed to configure SAML:
SAML_PROVIDER='entra_id' # 'entra_id' or 'okta'
ENTITY_ID='https://alation.com/' # example 'https://alation.com' - needs to match the entity id set up on the IDP (Entra ID, Okta)
WANT_ASSERTIONS_SIGNED=True # True or False (default: True)
WANT_RESPONSE_SIGNED=False # True or False (default: False)
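
A pre-flight check for the values collected above and the downloaded IDP metadata file, as an added example that is not part of ASM or the Alation documentation. The function name, the constructed sample metadata (with a placeholder certificate), and the policy that at least one of the two signature settings be True are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_prereqs(settings: dict, metadata_xml: bytes) -> list:
    """Return a list of problems; an empty list means the inputs look usable."""
    problems = []
    if settings.get("SAML_PROVIDER") not in ("entra_id", "okta"):
        problems.append("SAML_PROVIDER must be 'entra_id' or 'okta'")
    entity = urlparse(str(settings.get("ENTITY_ID", "")))
    if not (entity.scheme and entity.netloc):
        problems.append("ENTITY_ID is not an absolute URI")
    signed = [settings.get(k) for k in ("WANT_ASSERTIONS_SIGNED", "WANT_RESPONSE_SIGNED")]
    if not all(isinstance(v, bool) for v in signed):
        problems.append("WANT_*_SIGNED values must be True or False")
    elif not any(signed):  # this example's policy, not a rule stated by the page
        problems.append("neither assertions nor responses are required to be signed")
    if b"<!DOCTYPE" in metadata_xml:  # IDP metadata never needs a DTD
        return problems + ["metadata contains a DOCTYPE; not parsing it"]
    try:
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        return problems + [f"metadata is not well-formed XML: {exc}"]
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["metadata has no IDPSSODescriptor element"]
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"  # no 'use' means signing too
             for c in kd.findall(".//ds:X509Certificate", NS) if (c.text or "").strip()]
    if any(v is True for v in signed) and not certs:
        problems.append("signatures are required but metadata has no signing certificate")
    for sso in idp.findall("md:SingleSignOnService", NS):
        if urlparse(sso.get("Location", "")).scheme != "https":
            problems.append(f"SSO endpoint is not HTTPS: {sso.get('Location')}")
    return problems

# Settings as shown on the page, plus constructed IDP metadata for the demo.
PAGE_SETTINGS = {"SAML_PROVIDER": "entra_id", "ENTITY_ID": "https://alation.com/",
                 "WANT_ASSERTIONS_SIGNED": True, "WANT_RESPONSE_SIGNED": False}
SAMPLE_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/constructed">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
 </IDPSSODescriptor></EntityDescriptor>"""
if __name__ == "__main__":
    print(check_saml_prereqs(PAGE_SETTINGS, SAMPLE_METADATA) or "no problems found")
```

For a real file, pass its contents read in binary mode. The check only confirms that a signing certificate and HTTPS endpoint are present; it does not validate the certificate itself.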