Skip to main content

Qlik Cloud: Read user information from ID token for authentication with Okta

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Caterina_Fruci
Support
Support

Qlik Cloud: Read user information from ID token for authentication with Okta

Last Update:

Jan 4, 2023 2:11:35 AM

Updated By:

Sonja_Bauernfeind

Created date:

Jan 2, 2023 7:00:42 AM

Qlik Cloud allows for the configuration of independent identity providers, including Okta. The setup procedure for Okta and Qlik Cloud can be found here: How to configure Qlik Cloud with Okta.

During the setup process, you will be required to add an Authorization Server, an option which is only available if you have purchased Okta's API Access Management. Qlik provides a workaround in case you have not purchased this add-on and therefore do not have the Authorization Server option.

The workaround consists of selecting the "ADFS" provider while configuring Identity Provider in the Qlik Cloud management console, which will force Qlik Cloud to read the user information from the ID token instead of the userinfo endpoint.

 

Resolution

Follow the steps outlined in How to configure Qlik Cloud with Okta, with the exception of configuring the Identity Provider in the Qlik Cloud Management console differently and skipping step 12 (adding the Authorization Server). 

  1. Open the Qlik Cloud Management Console and browse to Identity Providers 
  2. Locate the Identy Provider you wish to modify or click Create New
  3. Instead of applying Okta as the Provider, choose ADFS
  4. Leave all other settings relevant to Okta, pointing the ADFS discovery URL parameter to the Okta URL.

    create identity provider.png

 

Related Content 

How to configure Qlik Cloud with Okta
Identity Providers
Custom Auth Servers VS Org Auth Servers: https://developer.okta.com/docs/concepts/auth-servers/

 

Environment

Qlik Cloud 

 

 

Labels (1)
Comments
obeyaztas
Contributor
Contributor

I still can't setup the connection with OKTA. Getting the error:

Your request resulted in an error. The 'redirect_uri' parameter must be a Login redirect URI in the client app settings:

 

I think it's something very small... But who can help

hakeemakibu
Contributor
Contributor

Hi @Caterina_Fruci I tried the above and got the same error as @obeyaztas 
Error: The 'redirect_uri' parameter must be a Login redirect URI in the client app settings:

Caterina_Fruci
Support
Support

Hi @hakeemakibu & @obeyaztas 

the error you are reporting is due to the fact that you are using the tenant alias hostname instead of the tenant hostname shown in How-to-configure-Qlik-Cloud-with-Okta in the step 7. Thanks! 

hakeemakibu
Contributor
Contributor

Hi @Caterina_Fruci, that's not actually the case, I used the actual tenant hostname not the alias.

Caterina_Fruci
Support
Support

@hakeemakibu are you using the tenanthostname in Okta ?
In that case , I will suggest you open a Support case to look into it in detail.

Thank you. 

Version history
Last update:
‎2023-01-04 02:11 AM
Updated by: