Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
July 15, NEW Customer Portal: Initial launch will improve how you submit Support Cases. READ MORE

How to configure Qlik Cloud with Okta

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Luis_Arocho-LLantin
Support
Support

How to configure Qlik Cloud with Okta

Last Update:

Nov 9, 2023 5:36:36 AM

Updated By:

Sonja_Bauernfeind

Created date:

Apr 19, 2022 10:57:35 AM

This guide provides the basic instructions on configuring Qlik Cloud with Okta as an identity provider.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

Configuring Okta

  1. Go to your Okta Admin Console
  2. Navigate to Applications 
  3. Click Create App Integration

    add new application in okta.png

  4. Choose OIDC - OpenID Connect and Web Application, then click Next

    choose oidc and web application.png

  5. Fill in the App Integration Name (this name identifies the application)
  6. Set Grant type to Authorization Code
  7. Enter your tenant URL in Sign-out redirect URIs, adding /login/callback 

    Example: https://tenant_url/login/callback

    This must be the actual tenant name, not the alias.
    set up the name redirect url and grant type.png

  8. Scroll down to the Assignments section. Set Allow everyone in your organization to access 

    allow everyone in your organization to access.png

  9. Click Save
  10. Copy the Client ID and Client Secret. Both are needed when configuring the IdP on the tenant.
  11. Switch to the Sign On tab

    sign on tab.png

  12. Click Edit on the OpenID Connect ID Token

    edit openid connect id token.png

    1. Set Issuer to the Okta URL
    2. Set Group claim type to Filter
    3. Set Group claim filter to groups, followed by Matches regex  and .*
    4. Click Save

  13. The next step is to add an Authorization Server 

    If you do not have access to Okta's API Access Management, see Using a custom Authorization Server for Okta in Qlik Cloud.

    1. Expand the Okta admin panel menu
    2. Expand Security and open API

      security menu and api tab.png

    3. Click Add Authorization Server.

      add authorizaton server.png


    4. Set Name to QlikAPI (example)
    5. Set Audience to qlik.api
    6. Set Issuer to Okta URL 
    7. Leave everything else default, then click Save

  14. Switch to the Scopes tab

    scopes tab.png
    1. Click Add Scope
    2. Set the Name 
    3. Set a Display phrase
    4. Set a Description
    5. Set User content to Implicit
    6. Mark Set as default scope
    7. Leave Include in public metadata unchecked
    8. Click Save

  15. Switch to Access Policies
    1. Click Add Policy
    2. Set a Name
    3. Set a Description
    4. Set Assign to to All clients
    5. Click Update Policy

  16. Click Add rule

    add new rule.png

    1. Set a Rule Name
    2. Check Client Credentials
    3. Uncheck all items under Client acting on behalf of a user
    4. Check Any user assigned the app
    5. Check Any scopes
    6. Leave the remaining settings at default
    7. Click Create rule
    8. Check Clients Credentials, Any user assigned the app and Any scopes then click Update Rule

      create new rule.png

 

 

Configuring Qlik Cloud Tenant

  1. Open the Qlik Cloud Management Console and browse to Identity Providers 
  2. Click Create New

    Identity Provider.png

  3. Choose Interactive
  4. Choose Okta

    choose okta.png

  5. Fill out the Application credentials as per the Okta Setup

    Application Credentials.png

  6. Provide your claims mapping as per your setup

    Claims mapping.png

  7. Click Create

For additional information on how to create new identity providers in Qlik Cloud, see Creating a new identity provider configuration.

 

Environment:

Qlik Cloud 

 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Qlik Cloud
Thumbnail of Qlik Cloud
Qlik Cloud
Labels (1)
6,619 Views
Was this article helpful? Yes No
Comments
Sonja_Bauernfeind
Digital Support
Digital Support
‎2024-02-20 04:54 AM

Hello @hakeemakibu 

Please review the comment made by Caterina as a reply to this question here:

The error you are reporting is due to the fact that you are using the tenant alias hostname instead of the tenant hostname shown in How-to-configure-Qlik-Cloud-with-Okta in the step 7. 

If you are still experiencing issues, please post about your problem in detail in the Integration forum. Include the steps you took and details on your environment and what you are looking to achieve.

All the best,
Sonja 

mgranillo
Specialist
Specialist
‎2024-05-01 09:44 AM

@Sonja_Bauernfeind Do you know how the user gets created in Qlik from the integration with Okta? Our okta team requested that we send them an API key from Qlik so they can send a request to create the user. Is that a good approach? Is that necessary? Can the user be created without a Qlik API key? Note that we've had to do the authorization server work around outlined here: https://community.qlik.com/t5/Official-Support-Articles/Qlik-Cloud-Read-user-information-from-ID-tok...

Sonja_Bauernfeind
Digital Support
Digital Support
‎2024-05-17 03:26 AM

Hello @mgranillo 

I would need to ask you to post this question directly in our Integration forum, including as much detail as possible on what you are looking to achieve.

All the best,
Sonja 

Version history
Last update:
‎2023-11-09 05:36 AM
Updated by:
Digital Support