topic Re: Passing Multiple Roles via the User API (Okta Integration) in Integration, Extension & APIs

Passing Multiple Roles via the User API (Okta Integration)

mgranillo — Fri, 23 Feb 2024 14:26:29 GMT

Does the users API support sending multiple roles on a user create post call? The documentation only shows an example with one name in assignedRoles.

Re: Passing Multiple Roles via the User API (Okta Integration)

Levi_Turner — Fri, 23 Feb 2024 16:17:05 GMT

Sure. Example body:

{ "name": "John Smith", "email": "john.smith@corp.example", "picture": "https://corp.example/docs/jsmith.png", "subject": "1234asdasa6789", "assignedRoles": [ { "name": "Developer" }, { "name": "TenantAdmin" } ] }

Re: Passing Multiple Roles via the User API (Okta Integration)

mgranillo — Fri, 23 Feb 2024 20:46:37 GMT

@Levi_Turner thanks for the response. Do you know if the role ID is required in the post call?

Re: Passing Multiple Roles via the User API (Okta Integration)

Levi_Turner — Fri, 23 Feb 2024 20:50:23 GMT

No, just the role name. The above call results in this:

(the other roles are auto-assigned by the system, which is optional, of course).

Re: Passing Multiple Roles via the User API (Okta Integration)

mgranillo — Tue, 05 Mar 2024 15:34:49 GMT

@Levi_Turner I was taking a closer look at the image you sent and noticed a lot of roles showing in the permissions overview. Why does the permissions overview not just say "tenant admin" and "developer"? There are lost of other permissions listed like "autoML contributor" and "automation creator", etc. Are those defaults for every user?

Re: Passing Multiple Roles via the User API (Okta Integration)

Levi_Turner — Tue, 05 Mar 2024 15:43:13 GMT

For this tenant? Yes. We've set it up so that everyone who logs in get those roles.

You're obviously able to change that to your requirements.

Re: Passing Multiple Roles via the User API (Okta Integration)

mgranillo — Tue, 05 Mar 2024 17:29:42 GMT

@Levi_Turner sorry for one more question. We're getting a 403 error:

The traceId for the error in the json body returned

a2e44e1bdbf445f5d676197e063dc385

Can you provide any guidance on a root cause of this type of error? Where could we be missing permissions?

Re: Passing Multiple Roles via the User API (Okta Integration)

Levi_Turner — Tue, 05 Mar 2024 19:27:41 GMT

403 is a post-authentication denial for permission reasons, so your user (who created the API key or the Oauth identity) isn't authorized to perform this action.

Re: Passing Multiple Roles via the User API (Okta Integration)

mgranillo — Tue, 30 Apr 2024 16:43:48 GMT

@Levi_Turner we decided to manage roles in the QMC and not send roles from Okta. Management falls to the Qlik admin instead of our access team but that's okay for us. Thanks for your comments on this post.