Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Jan 16, 2023 2:41:46 AM
Nov 15, 2021 5:07:20 PM
Groups are not retrieved from Okta when using OIDC authentication in Qlik Sense Enterprise on Windows (client-managed), but they are retrieved in Qlik Cloud.
Qlik Sense Enterprise on Windows
Qlik Sense for Windows reads the groups from the id_token, while Qlik Sense Cloud reads the groups from the userinfo endpoint.
By default, Okta does not include the groups in the id_token. Please follow the below steps for groups to be included in the id_token so that Qlik Sense for Windows can retrieve them.
Steps:
Note: The metadata URI displayed in the Settings tab of the authorization server is for the access token. You can use the URI for the id_token to make this work. You will find more info on the below image and the following link: https://developer.okta.com/docs/guides/customize-tokens-groups-claim/request-token-claim/
Is this still the case? Qlik Sense on Windows does NOT support the oidc userinfo endpoint?
Hello @Gysbert_Wassenaar
Yes, this is correct, Qlik Sense on Windows only reads the groups from the ID token, never from the userinfo endpoint.
Thanks for the answer @Damien_V. Do you know if this will be supported in the near future?
Hello @Gysbert_Wassenaar
This is not currently on the roadmap. If you would like to raise your interest in this feature, please head over to our Ideas section!
All the best,
Sonja
Is this still the case? Qlik Sense on Windows does NOT support the oidc userinfo endpoint? Or did we get any updates??
We are using Ping Federate and there is now way to add userinfo endpoint information to ID token.
Hello @mehmet_gencsoy
We only support ID tokens on Qlik Sense Enterprise on Windows and do not currently have support for the oidc userinfo endpoint on our roadmap. I checked our active ideas and couldn't find one there either.
What I would recommend is to log an idea (right here), as this is our most reliable way to voice ideas and feedback suggestions. Our product teams review them regularly.
Feel free to tag me so I can give it a vote (and tie it back to this article).
All the best,
Sonja