Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Woohoo! Qlik Community has won “Best in Class Community” in the 2024 Khoros Kudos awards!
Announcements
Nov. 20th, Qlik Insider - Lakehouses: Driving the Future of Data & AI - PICK A SESSION
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
marcelinoa
Partner - Contributor III
Partner - Contributor III
‎2024-03-07 06:29 AM

Use Qlik Dev APIs to create user and add them to a Group.

Hi, I'm using the Qlik Dev APIs to grab a user that exists in our Microsoft Entra (Azure AD) and create it in our Qlik Cloud. I can do it by making a POST request to "/v1/users". But then I need to assign them to Groups and I'm not seeing how I can do it.

The "/v1/users" allows me to assign the user to a Role but not a Group, and with the "/v1/groups", I can only view, create, patch, delete, etc said groups, not add a user to them.

Is there a way for me to add a user to a certain Group using the Qlik Dev APIs?

Labels (3)
Labels
553 Views
0 Likes
1 Solution

Accepted Solutions
JonnyPoole
Former Employee
Former Employee
‎2024-03-07 07:48 AM

Group membership is determined by the Idp at the time of login. The group that the user belongs to come in the claim from the provider.  

Group claims are not enabled by default in Qlik Cloud, you need to turn them on un QMC/settings on a tenant by tenant basis. 

You also need to ensure your IdP configuration includes group claims.

Once that is all configured you can assign groups to have various authorisations in the tenant such as space permissions.

View solution in original post

537 Views
0 Likes
4 Replies
JonnyPoole
Former Employee
Former Employee
‎2024-03-07 07:48 AM

Group membership is determined by the Idp at the time of login. The group that the user belongs to come in the claim from the provider.  

Group claims are not enabled by default in Qlik Cloud, you need to turn them on un QMC/settings on a tenant by tenant basis. 

You also need to ensure your IdP configuration includes group claims.

Once that is all configured you can assign groups to have various authorisations in the tenant such as space permissions.

538 Views
0 Likes
DaveChannon
Employee
Employee
‎2024-03-15 05:37 AM

Nothing to add to Jonny's comment, but I am interested in why you wish to pre-provision the groups @marcelinoa ? Is there a reason you need them before the user session?

474 Views
marcelinoa
Partner - Contributor III
Partner - Contributor III
‎2024-03-15 05:49 AM
Author

@DaveChannon I think it's a very specific situation of our client. Not everyone has yet used or accessed  the Qlik envirenment, or may not do so, but it is still vital that they receive alerts from certain reports, but if the user has not yet accessed they don't get groups assigned to them, and won't receive the alerts.
But he will have them login just to "activate" the user since that seems to resolve the issue.

468 Views
0 Likes
DaveChannon
Employee
Employee
‎2024-03-15 05:52 AM

OK, so you have one other option and that is to use a JWT IdP to impersonate a login of the user. This will associate the user with their groups prior to login, but it's something you'd need to manage and run from your side (or via automations with custom code blocks).

464 Views
0 Likes