Hi everyone,

Looked in all corners of the internet for an answer on this one and I can't find a thing!

I'm using Auth0 IDP to authenticate with Qlik Sense via SAML. I'm successfully able to authenticate and log users into Qlik.  I've created some rules in Auth0 to pass some business Groups like "Finance", "Marketing" etc. I pass this into Qlik Sense using user.environment.Groups I can then pass this into Qlik where I've built some Custom Properties to automatically assign Stream and Data Connection access. Works perfectly. 

I understand that these session variables (user.enviornment.Groups) are not persisted in Qlik Sense.  

Now my issue..

In Auth0 I created a Role concept, which can either be "Professional" or "Analyzer" depending on the access the user should be assigned, once again I pass this from Auth0 into Qlik, and have a variable user.enviornment.Role. I tired to use my variable to assign either Analyzer or Professional user licence, so that way whatever is mapped in Auth0 just permits access. However.... it doesn't work? I am certain that the Role is making it into Qlik Sense, I decoded the SAML response, and also tried to apply it to streams to ensure it is getting there, definitely is. 

So I don't know why this isn't working, I suspect it may be something to do with session variables not being persisted in Qlik Sense? I've read there are a number of other people running SAML auth method, so I'd really like to hear from someone else how they achieved this?

I think I can probably decode the SAML and hit the licence REST API on the fly to assign a licence, but surely there is an easier way to this that I am not considering?

If I can get this last component to work the system should be perfect for my requirements. 

Many thanks,

Thomas