Skip to main content
Announcements
Do More with Qlik - Qlik Cloud Analytics Recap and Getting Started, June 19: REGISTER
cancel
Showing results for 
Search instead for 
Did you mean: 
tens
Partner - Contributor III
Partner - Contributor III

Qlik Cloud: Generic SAML connector and Google Workspace

Hi community, 

I noticed that Qlik released a generic SAML IDP connector in Qlik Cloud Platform and I would like to use it for Google Workspace. I already configured OIDC IDP for Google and it works good on Qlik Tenant, but Google doesn't return groups in the identity token in OIDC Version. By using SAML, I can retrieve groups. 

I tried to configured it by creating a SAML application in Google Workspace but I don't know how to get the ACS URI.

Here's how I configured the IDP

 

Step 1: Getting IDP Metadata: I downloaded Meta Data to configure the IDP in Qlik Cloud. 

Google Workspace IInformationGoogle Workspace IInformation

 

Step 2: I tried to configure in Qlik CLoud by using IDP metadata file  and by providing manually the informations (I tested multiples combinaisons here's below one of combinaison I tried).

 

Manual Configuration. (Configuration with metadata has been tested to)Manual Configuration. (Configuration with metadata has been tested to)

Step 3: As I've no information to get any ACS URI, I tried to get it by creating the IDP without validating. And selecting my new SAML IDP Configuration > View provider configuration

Error when I'm trying to get more informations about the IDP provider (to get the ACS URI)Error when I'm trying to get more informations about the IDP provider (to get the ACS URI) 

 Step 4: I blocked at this step because I've no clues where can I get the ACS URI to finish the IDP configuration

How can I get the ACS URI in Qlik CloudHow can I get the ACS URI in Qlik Cloud

 

Have anyone already configured Generic SAML IDP with Google Workspace in Qlik Cloud Product ? Is there a bug or a lack of informations that made I can't continue the configuration. I already opened a ticket and support tells me to ask to community for this kind question.

Thank you 

Best Regards

 

 

 

 

 

 

 

 

Labels (3)
1 Solution

Accepted Solutions
tens
Partner - Contributor III
Partner - Contributor III
Author

Hi Community, 

Thank to the post (https://community.qlik.com/t5/Official-Support-Articles/Qlik-Cloud-Information-needed-to-troubleshoo...) of Damien Villaret and the support. I got correct information about ACS URI and SAML:issuer to finish configuration about Google IDP.

Here's the process I followed to configure my Google Workspace IDP:

Configure IDP on Google Admin Portal:

Step 1: Connect to Google Admin: https://admin.google.com/

Google Admin PortalGoogle Admin Portal

 

Step 2: Go into Applications > Web and Mobile application

Creating SAML applicationCreating SAML application

 

Step 3: Create a personalised SAML application

Step3NamingSAMLApplication.PNG

Step 4: Download SAML IDP Metadata

 

Step4DownloadMetaData.PNG

 

Step 5: Used following https://<tenant_id>.com/login/saml as ACS URI and https://<tenant_id>.com as Entity ID

Configuring IDP InformationsConfiguring IDP Informations

Step 6: Used the following mapping:

Step6MappingAttribues.PNG


Configuring SAML IDP into Qlik Cloud Portal:

 

Step 1: Go into Qlik Management Console > Identity Provider

 

Step 2: Create a new

 

Creating new IDPCreating new IDP

 

Step 3: Configure IDP by using Metadata file downloaded before and check SAML attributes mappings:

Configuring IDP in Qlik Cloud with Metadata file and checking attributes mappingsConfiguring IDP in Qlik Cloud with Metadata file and checking attributes mappings

Step 4: Validate the IDP.

 

Step 5: Login with my Google Account to validate.

 

Step 6: Verifying if  my mapping is correct.

Verifying mappingVerifying mapping

 

Step 7: Promoting my user to tenant admin

Step 8: Enabling this new IDP

Photo12.PNG

Enabling group creation into Qlik Cloud Portal:

To finish the configuration, you need to go in QMC > Setting and enable the creation of groups options as described below: 

groupClaim.PNG

 

Your Google Workspace IDP is now ready to use.

Thank you very much to Qlik Assitance about ACS URI.

 

Best regards 

Tens

 

View solution in original post

1 Reply
tens
Partner - Contributor III
Partner - Contributor III
Author

Hi Community, 

Thank to the post (https://community.qlik.com/t5/Official-Support-Articles/Qlik-Cloud-Information-needed-to-troubleshoo...) of Damien Villaret and the support. I got correct information about ACS URI and SAML:issuer to finish configuration about Google IDP.

Here's the process I followed to configure my Google Workspace IDP:

Configure IDP on Google Admin Portal:

Step 1: Connect to Google Admin: https://admin.google.com/

Google Admin PortalGoogle Admin Portal

 

Step 2: Go into Applications > Web and Mobile application

Creating SAML applicationCreating SAML application

 

Step 3: Create a personalised SAML application

Step3NamingSAMLApplication.PNG

Step 4: Download SAML IDP Metadata

 

Step4DownloadMetaData.PNG

 

Step 5: Used following https://<tenant_id>.com/login/saml as ACS URI and https://<tenant_id>.com as Entity ID

Configuring IDP InformationsConfiguring IDP Informations

Step 6: Used the following mapping:

Step6MappingAttribues.PNG


Configuring SAML IDP into Qlik Cloud Portal:

 

Step 1: Go into Qlik Management Console > Identity Provider

 

Step 2: Create a new

 

Creating new IDPCreating new IDP

 

Step 3: Configure IDP by using Metadata file downloaded before and check SAML attributes mappings:

Configuring IDP in Qlik Cloud with Metadata file and checking attributes mappingsConfiguring IDP in Qlik Cloud with Metadata file and checking attributes mappings

Step 4: Validate the IDP.

 

Step 5: Login with my Google Account to validate.

 

Step 6: Verifying if  my mapping is correct.

Verifying mappingVerifying mapping

 

Step 7: Promoting my user to tenant admin

Step 8: Enabling this new IDP

Photo12.PNG

Enabling group creation into Qlik Cloud Portal:

To finish the configuration, you need to go in QMC > Setting and enable the creation of groups options as described below: 

groupClaim.PNG

 

Your Google Workspace IDP is now ready to use.

Thank you very much to Qlik Assitance about ACS URI.

 

Best regards 

Tens