https://community.qlik.com/t5/Management-Governance/Qlik-Sense-Windows-Auth0-SAML-Licence-Allocation/m-p/1783066#M17371 <P>Hello&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/133246">@WalkerLena</a>&nbsp;</P><P>So you're creating an analyzer assignment rule in the QMC based on that role ?</P><P>I don't see why it wouldn't work. If the rule applied, then the user should get assigned an analyzer license when he logs in, this analyzer license will remain for that user, even if the role is not persisted, it will only be removed if you explicitly remove it from the QMC or through APIs.</P><P>Can you provide a screenshot of how your analyzer license assignment rule looks like and also let me know which version of Qlik Sense you are running ?</P> Tue, 16 Feb 2021 15:00:33 GMT Damien_V 2021-02-16T15:00:33Z https://community.qlik.com/t5/Management-Governance/Qlik-Sense-Windows-Auth0-SAML-Licence-Allocation/m-p/1774955#M17187 Hi everyone, Looked in all corners of the internet for an answer on this one and I can't find a thing! I'm using Auth0 IDP to authenticate with Qlik Sense via SAML. I'm successfully able to authenticate and log users into Qlik. I've created some rules in Auth0 to pass some business Groups like "Finance", "Marketing" etc. I pass this into Qlik Sense using user.environment.Groups I can then pass this into Qlik where I've built some Custom Properties to automatically assign Stream and Data Connection access. Works perfectly. I understand that these session variables (user.enviornment.Groups) are not persisted in Qlik Sense. Now my issue.. In Auth0 I created a Role concept, which can either be "Professional" or "Analyzer" depending on the access the user should be assigned, once again I pass this from Auth0 into Qlik, and have a variable user.enviornment.Role. I tired to use my variable to assign either Analyzer or Professional user licence, so that way whatever is mapped in Auth0 just permits access. However.... it doesn't work? I am certain that the Role is making it into Qlik Sense, I decoded the SAML response, and also tried to apply it to streams to ensure it is getting there, definitely is. So I don't know why this isn't working, I suspect it may be something to do with session variables not being persisted in Qlik Sense? I've read there are a number of other people running SAML auth method, so I'd really like to hear from someone else how they achieved this? I think I can probably decode the SAML and hit the licence REST API on the fly to assign a licence, but surely there is an easier way to this that I am not considering? If I can get this last component to work the system should be perfect for my requirements. Many thanks, Sat, 16 Jan 2021 15:22:30 GMT https://community.qlik.com/t5/Management-Governance/Qlik-Sense-Windows-Auth0-SAML-Licence-Allocation/m-p/1774955#M17187 WalkerLena 2021-01-16T15:22:30Z https://community.qlik.com/t5/Management-Governance/Qlik-Sense-Windows-Auth0-SAML-Licence-Allocation/m-p/1783066#M17371 <P>Hello&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/133246">@WalkerLena</a>&nbsp;</P><P>So you're creating an analyzer assignment rule in the QMC based on that role ?</P><P>I don't see why it wouldn't work. If the rule applied, then the user should get assigned an analyzer license when he logs in, this analyzer license will remain for that user, even if the role is not persisted, it will only be removed if you explicitly remove it from the QMC or through APIs.</P><P>Can you provide a screenshot of how your analyzer license assignment rule looks like and also let me know which version of Qlik Sense you are running ?</P> Tue, 16 Feb 2021 15:00:33 GMT https://community.qlik.com/t5/Management-Governance/Qlik-Sense-Windows-Auth0-SAML-Licence-Allocation/m-p/1783066#M17371 Damien_V 2021-02-16T15:00:33Z