Qlik Community

Ask a Question

Knowledge Base

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
May 18th, Changes to the way you login: using email vs. username. READ DETAILS/WATCH VIDEO

Example Multi-Cloud deployment to QSEoCS using Auth0 programmatic authentication or Local Bearer Token

Andre_Sostizzo
Digital Support
Digital Support

Example Multi-Cloud deployment to QSEoCS using Auth0 programmatic authentication or Local Bearer Token

The following are example steps for setting up a test Multi-Cloud deployment using the Local Bearer Token or the Auth0 programmatic (machine-to-machine) authentication. This setup allows for app deployment from Qlik Sense Enterprise on Windows (QSEoW) to Qlik Sense Enterprise on Cloud Services (QSEoCS).


Environment:

  • Qlik Sense Enterprise on Windows (QSEoW), April 2020
  • Qlik Sense Enterprise on Cloud Services (QSEoCS), April 2020

 

Resolution:


! The information in this article is provided as-is and to be used at own discretion. Ongoing support on the solution is not provided by Qlik Support.

Note: These steps assume an auth0 "Developer" account has already been created.

There are two Multi-Cloud Deployment options for integrating QSEoW to the QSEoCS environment and distributing apps. When using the local bearer token option, the auth0 programmatic ("Machine to Machine") application is not required. Skip to On QSEoW section below.

 

On Auth0 site:

Follow the steps under Creating an Auth0 API and application for programmatic access

Notes:
-
Auth0 has recently changed the definition of Scope and calls it Permissions at the time of last update to this article.
- Allowed Web Origins consists of the URL of the QSEoK deployment. If URL uses a DNS name, this has to be resolvable. Otherwise, use the IP address. The URL when deployed in Minikube and certain environments may also needs to have a matching port which is listed as ingress NodePort or LoadBalancer port in QSEoK. This can be checked by running the command "kubectl describe service qliksense-nginx-ingress-controller" or "kubectl get services"

 

On QSEoW:

There are two options:

I. Using a local bearer token:

1. Perform the steps listed under Setup with a local bearer token.
2. Make sure to copy the local bearer token string which is referenced in the On QSEoCS section below.

 

II. Using a programmatic (Machine to Machine) auth0 application:

1. Perform the steps listed under Creating an Auth0 API and application for programmatic access.
2. Open the Multi-cloud Setup Console (MSC) on a web browser via https://<QS server name>/api/msc
3. Click on Deployments and then on + Set up new.
4. Configured the following fields:

Deployment name
QSEoCS_M2M Give it a descriptive name
API Endpoint https://<QSEoCS tenant name> - <QSEoCS tenant name> is the QCS tenant name for when accessing the Cloud Hub
Audience qlik.api Use this a static required value.
Client ID <Client ID> Obtained from Auth0 under the Applications > Machine to Machine application > Settings > Client ID
Client secret <Client Secret> Obtained from Auth0 under the Applications > Machine to Machine application > Settings> Client Secret
Token Endpoint https://<tenant domain>.auth0.com/oauth/token Obtained from Auth0 under the Applications > Machine to Machine application > Settings > Advance Settings > Endpoints > OAuth Token URL

5. Click on Apply
 

On QSEoCS:

I. Using a local bearer token:
1. Logon with a tenant admin account to QSEoCS Management console (e.g: https://<QSEoCS tenant>.us.qlikcloud.com/console )
2. Under Configuration > Identity Providers click on Create new
3. For Type select Multi-cloud
4. Paste the Local bearer token previously copied from the MSC in to its respective box
5. Click Create.
6. Now the App distribution needs to be configured. See example under Example Multi-Cloud App distribution setup
7. See the following article on available logs for App Distribution and Deployment Setup. Multi-Cloud deployment logs and how to change logging level

II. Using a programmatic (Machine to Machine) auth0 application:
1. Logon with a tenant admin account to QSEoCS Management console (e.g: https://<QSEoCS tenant>.us.qlikcloud.com/console )
2. Under Configuration > Identity Providers click on Create new
3. For Type select Machine-to-Machine (M2M)
4. For Provider select Auth0
5. For OpenID configuration use https://<tenant domain>.auth0.com/.well-known/openid-configuration
6. Click Save
7. Now the App distribution needs to be configured. See example under Example Multi-Cloud App distribution setup
8. See the following article on available logs for App Distribution and Deployment Setup. Multi-Cloud deployment logs and how to change logging level

 

Related Content:

Labels (1)
Version history
Revision #:
5 of 5
Last update:
‎2021-02-23 04:20 AM
Updated by:
 
Contributors