Qlik Community

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
Don't miss the upcoming Q&A with Qlik session on Qlik Application Automation on November 16th! REGISTER NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
CurtDaughtry
Partner
Partner

QCS - Auth0 setup and configuration - How to add new users?

Hello,

I just setup a new tenant in Qlik Cloud Services. I am trying to configure Auth0 to allow new users to be able to login to the site.

I am not able add new users.

I did get the auth0 IdP working in the sense that the validation works successfully. But if I add users in the auth0 site - Qlik Sense CS does not see it...or allow that new account to login.

Am I missing something? Does anyone have guidance for setting this up?

Labels (4)
1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee

If you have experience with Qlik Sense Enterprise previous to this, like let's say on Windows, then think of QCS as QSE without a User Directory Connector.

For QCS specifically it has no awareness of what is done on the IdP side until the user logs in. If the user cannot login it's not because QCS does or does not have an awareness that the user exists. When the user accesses the QCS tenant, what happens? What are the steps which the user goes through? For example: tenant.us.qlikcloud.com > Auth0 Login screen > ???

View solution in original post

9 Replies
Levi_Turner
Employee
Employee

Users are added when they login. So the inability to login is the issue. Can you shed more details into that?

CurtDaughtry
Partner
Partner
Author

That is correct. New users are not able to login.

Let's say I create a new user in auth0. That new user is not recognized (i.e. unable to login) when they attempt to access the QCS site.

Generally speaking, How do I add new users to the environment? Clearly you can't create a user within QCS. So my thought is that you'd add them in the IdP directory. But that doesn't seem to be working either.

Thanks for your help

Levi_Turner
Employee
Employee

If you have experience with Qlik Sense Enterprise previous to this, like let's say on Windows, then think of QCS as QSE without a User Directory Connector.

For QCS specifically it has no awareness of what is done on the IdP side until the user logs in. If the user cannot login it's not because QCS does or does not have an awareness that the user exists. When the user accesses the QCS tenant, what happens? What are the steps which the user goes through? For example: tenant.us.qlikcloud.com > Auth0 Login screen > ???

View solution in original post

CurtDaughtry
Partner
Partner
Author

Okay.

So when the user goes to the site (tenant.us.qlikcloud.com) > Qlik Login screen (appears to come from Qlik, not auth0) > enter credentials > goes to 403 forbidden message.

I attached the resulting image and the login screen image.

Levi_Turner
Employee
Employee

@AdamSawyer : Thoughts?

AdamSawyer
Digital Support
Digital Support

Hey Curt, 

I just sent you an email to gather some more details. 

Adam Sawyer

disqr_rm
Partner
Partner

This document might help. 

JamieJ
Employee
Employee

The login screen shown at https://community.qlik.com/t5/Qlik-Sense-Multi-Cloud/QCS-Auth0-setup-and-configuration-How-to-add-ne... is the Qlik IdP login screen (the default IdP before you configure and activate your own IdP), not your own Auth0 IdP.

To add your own Auth0 IdP, you must configure it successfully in the Management Console (/console after logging it as administrator) and then set it as "active". Please confirm that you have done this.

The toggle to activate an IdP that has been successfully configured and tested can be found here:

activate IdP selectoractivate IdP selector

 

Once you've activated your own IdP, visiting your tenant URL should bring you to your own Auth0 login screen, not the Qlik login. From there, any user setup with access on your Auth0 IdP should be able to login to Qlik Sense.

CurtDaughtry
Partner
Partner
Author

This explains the issue.

We must create / manage the users allowed to access the site using the IdP (and from within the IdP). Once the user has logged in we can manage the user's authorization to various assets.

Thanks all who contributed.