Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Using Qlik SaaS and QSEoW I have Okta successfully integrated for both.
So I can login to both via Okta.
The licensing service does not recognize me as the same user.
Thus, I have to consume 2 licenses in order to be able to use the product.
This is not working as designed where a user should be able to share the license across the different deployments.
What is wrong? Why does it not recognize the same user if I'm using the exact some IdP?
under your identity provider you can specify the settings for this:
I suspect you need to specify email as 'sub', but check your QSEoW virtual proxy to see what field you are using there.
The whole process to change IDPs is here: https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-change-corporat...
Note there is a risk of locking yourself out if you get this wrong so make sure you have your tenant admin details. I would log a support case to verify the steps to do this to ensure you are not logged out!
Regards.
This suggests that different user identifiers are being used in the two systems. They need to map 1 to 1. Can you provide an example?
I'm not sure how I can provide an example.
We use the same Okta account for both instances.
When a user logs into SaaS they are seen as okta\<long alphanumeric string>
When the same user logs into QSEoW they are seen as okta\<user email>
As a result both require a license to use the product on different environments. How do we fix?
under your identity provider you can specify the settings for this:
I suspect you need to specify email as 'sub', but check your QSEoW virtual proxy to see what field you are using there.
The whole process to change IDPs is here: https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-change-corporat...
Note there is a risk of locking yourself out if you get this wrong so make sure you have your tenant admin details. I would log a support case to verify the steps to do this to ensure you are not logged out!
Regards.
Forgot to update after support responded. The resolution was to change the IDP setting within the SaaS client to have the sub value = "email".
This allowed the Windows machine and the SaaS client to recognize the user the same. So when assigning a license both are seeing the one person the same now.
Thank you.