Known limitation in Qlik Cloud Services: Account Owner should not be removed as tenant admin
It is possible to lose the ability to repair or modify the identity provider configuration in Qlik Sense Enterprise on Cloud Services (QSEoC) if the account owner has been removed as a tenant admin.
If the identity provider (IdP) in use in a Qlik Sense Enterprise on Cloud Services tenant is no longer functional and needs to be modified, it is necessary for the original tenant account owner to access the Management Console through the recovery URL. This will fail if this user is no longer an administrator.
Qlik Sense Enterprise on Cloud Services (QSEoCS), April 2020
This can occur if:
The account owner who was initially given the tenant admin role during the Qlik Sense Enterprise on Cloud Services registration process has assigned another user the tenant admin role. And
The new tenant admin has removed the tenant admin role for the account owner. And
The Identity provider configuration breaks (for example, the corporate IdP administrator rotates the client secret key).
To resolve the issue:
Contact Qlik Support. The account owner's tenant admin role will be restored so that the IdP configuration can be repaired (new secret key value set, for example).
To prevent the issue:
Avoid removing the tenant admin role for the account owner.
Ensure the IdP chosen for the integration is the one that needs to be used moving forward.