Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
CurtDaughtryBP
Contributor III
Contributor III
‎2020-07-30 02:48 PM

Qlik SaaS and Enterprise Server not syncing users - Okta IdP on both

Using Qlik SaaS and QSEoW I have Okta successfully integrated for both.

So I can login to both via Okta.

The licensing service does not recognize me as the same user.

Thus, I have to consume 2 licenses in order to be able to use the product.

This is not working as designed where a user should be able to share the license across the different deployments.

What is wrong? Why does it not recognize the same user if I'm using the exact some IdP?

Labels (2)
Labels
1,046 Views
0 Likes
1 Solution

Accepted Solutions
Leigh_Kennedy
Employee
Employee
‎2020-08-05 02:24 AM

In response to CurtDaughtryBP

under your identity provider you can specify the settings for this:

lkn_0-1596606415631.png

I suspect you need to specify email as 'sub', but check your QSEoW virtual proxy to see what field you are using there.

The whole process to change IDPs is here: https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-change-corporat...

 

Note there is a risk of locking yourself out if you get this wrong so make sure you have your tenant admin details.  I would log a support case to verify the steps to do this to ensure you are not logged out!

 

Regards.

 

 

View solution in original post

986 Views
0 Likes
4 Replies
Leigh_Kennedy
Employee
Employee
‎2020-08-02 08:09 PM

This suggests that different user identifiers are being used in the two systems.  They need to map 1 to 1.  Can you provide an example?

1,004 Views
0 Likes
CurtDaughtryBP
Contributor III
Contributor III
‎2020-08-03 10:25 AM
Author

In response to Leigh_Kennedy

I'm not sure how I can provide an example.

We use the same Okta account for both instances. 

When a user logs into SaaS they are seen as okta\<long alphanumeric string>

When the same user logs into QSEoW they are seen as okta\<user email>

As a result both require a license to use the product on different environments. How do we fix? 

 

997 Views
0 Likes
Leigh_Kennedy
Employee
Employee
‎2020-08-05 02:24 AM

In response to CurtDaughtryBP

under your identity provider you can specify the settings for this:

lkn_0-1596606415631.png

I suspect you need to specify email as 'sub', but check your QSEoW virtual proxy to see what field you are using there.

The whole process to change IDPs is here: https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-change-corporat...

 

Note there is a risk of locking yourself out if you get this wrong so make sure you have your tenant admin details.  I would log a support case to verify the steps to do this to ensure you are not logged out!

 

Regards.

 

 

987 Views
0 Likes
CurtDaughtryBP
Contributor III
Contributor III
‎2020-08-07 09:38 AM
Author

In response to Leigh_Kennedy

Forgot to update after support responded. The resolution was to change the IDP setting within the SaaS client to have the sub value = "email".

 

This allowed the Windows machine and the SaaS client to recognize the user the same. So when assigning a license both are seeing the one person the same now.

Thank you.

960 Views