Skip to main content

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
Week 4: Discover ELT + ETL Strategies and Explore Predictive AI in Qlik Cloud - WATCH NOW

Qlik Cloud: How to set up Cisco Duo as an Identity Provider

No ratings
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Damien_V
Support

Qlik Cloud: How to set up Cisco Duo as an Identity Provider

Last Update:

Nov 6, 2023 3:35:28 AM

Updated By:

Sonja_Bauernfeind

Created date:

Oct 30, 2023 10:44:26 PM

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

This article explains how to set up Cisco Duo as an Open ID Connect (OIDC) Identity Provider to authenticate to Qlik Cloud.

Set up Cisco Duo

  1. in Cisco Duo, go to Application and create a new application.

  2. Set Grant Type to Authorization Code 
    • Allow PKCE only authentication remains unchecked.
    • Access Token Lifetime can be set to 60 

  3. Set Sign-in Redirect URLs to your Qlik Cloud tenant URL, appending /login/callback. Do not use the alias.

    Example: https://<TENANT     URL>.<REGION>.qlikcloud.com/login/callback

    If you don't recall the original tenant URL, open https://<TENANT URL>.<REGION>.qlikcloud.com/api/v1/tenants in a browser tab to locate it.

  4. In the Scopes section:
    1. Verify that openid is set as the scope
    2. Check profile and set the following claim:
      • IdP Attribute: <Display Name>
      • Claim: name
    3. Check email and set the following claim:
      • IdP: <Email Address>
      • Claim: email

  5. Set a Name 

  6. Uncheck Let users remove devices, add new devices, and reactive Duo Mobile

  7. If required, limit who can authenticate through this application (Users in the organization that will be able to log in to Qlik Cloud).

    To do so, check Only allow authentication from users in certain groups and choose the required group.

 

Set up Qlik Cloud

  1. Log in to the Qlik Cloud Management Console and navigate to Identity Provider

  2. Create a new Identity Provider
    • Type: Interactive
    • Provider: Generic

  3. Input the OpenID Connect Metadata URI as created in Cisco Duo

    The Metadata URI can be found under Discovery URL in the application created previously in Cisco Duo.

  4. Input the Client ID as created in Cisco Duo

  5. Input the Client Secret as created in Cisco Duo

  6. Leave Realms (optional) blank

  7. sub is set to sub

  8. Click Create and Save

  9. Click Validate

    After clicking Validate and logging in to Cisco Duo, confirm that claim mapping is correct and make the user a Tenant Admin so that you can still access the management console after activating Cisco Duo as an Identity Provider.

    Once Cisco Duo has been activated as your new IdP, the Invite User option will be disabled in your Management Console as users will now be managed by your new Identity Provider. See Identity providers.

 

Environment

Qlik Cloud  

 

1,296 Views
Was this article helpful? Yes No
Comments
Arthurlee
Contributor
‎2023-10-31 02:09 PM

Thanks a lot, it worked!

RaviGinqo
Partner - Contributor II
‎2025-02-06 12:09 PM

HI @Damien_V  Is there a way we can groups through this OIDC Setup in Duo, Is there recommended steps around that? Or would you recommend SAML configuration with DUO for the same.

Version history
Last update:
‎2023-11-06 03:35 AM
Updated by:
Top