The Identity Provider validation succeeded but users are getting the following error when trying to log in with Azure AD:
{"errors":[{"title":"Authentication failed","code":"LOGIN-1","status":"401"}],"traceId":"00000000000000000564e98ec48dd227"}
The Qlik internal logs show:
"error","message":"Failed to fetch extra claims Insufficient privileges to complete the operation.","stack":"Error: Insufficient privileges to complete the operation.\n at new GraphError (/usr/src/app/node_modules/@microsoft/microsoft-graph-client/lib/src/GraphError.js:31:28
Note that these log files are not customer-facing. For further assistance, please contact support.
Resolution:
This is because Qlik Sense doesn't have the correct permissions to read group membership from Azure.
- If you do not need group membership to be imported in Qlik Sense, disable "Enable creation of groups" in the "Settings" section in the Qlik console.

- If you need the groups, assign the proper rights in Azure for Qlik Sense to be able to fetch them.
See the link at the end of this article.
Cause:
The "App registration" in Azure has not been configured correctly to grant "Admin consent" for the Graph API permission GroupMember.Read.All. When set up correctly, it should look like the following:
If there is a yellow warning sign, ask your Azure admin to grant Admin consent for the Enterprise application linked to this app registration.
Azure Active Directory > Enterprise applications > select the enterprise application that has the same name as the app registration and go to the "Permissions" tab in the security section.
Click on "Grant admin consent for <Tenant name>" to grant the admin consent for your app registration.
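To confirm the result after granting consent, the following added example (not Qlik's or Microsoft's code) inspects a Microsoft Graph `oauth2PermissionGrants` response for the enterprise application and reports whether GroupMember.Read.All is consented tenant-wide. It assumes the permission is configured as a delegated permission, which this article does not state; the JSON and all IDs are constructed placeholders.

```python
import json

REQUIRED_SCOPE = "GroupMember.Read.All"  # permission named in this article

# Constructed sample of a Microsoft Graph response to
# GET /v1.0/servicePrincipals/{id}/oauth2PermissionGrants (all IDs are placeholders).
SAMPLE_GRANTS = json.loads("""
{
  "value": [
    {"clientId": "sp-object-id-placeholder", "consentType": "Principal",
     "principalId": "user-object-id-placeholder",
     "resourceId": "graph-sp-id-placeholder",
     "scope": "openid profile GroupMember.Read.All"},
    {"clientId": "sp-object-id-placeholder", "consentType": "AllPrincipals",
     "principalId": null,
     "resourceId": "graph-sp-id-placeholder",
     "scope": " openid profile email User.Read"}
  ]
}
""")


def consent_status(grants, required=REQUIRED_SCOPE):
    """Return 'admin', 'user-only' or 'missing' for the required delegated scope.

    'admin'     : a grant with consentType AllPrincipals includes the scope.
    'user-only' : the scope appears only in grants for individual principals.
    'missing'   : no grant includes the scope.
    """
    status = "missing"
    for grant in grants.get("value", []):
        # 'scope' is a space-separated string; compare case-insensitively
        # to tolerate casing differences, and tolerate a null/empty value.
        scopes = {s.lower() for s in (grant.get("scope") or "").split()}
        if required.lower() not in scopes:
            continue
        if grant.get("consentType") == "AllPrincipals":
            return "admin"
        status = "user-only"
    return status


if __name__ == "__main__":
    # The constructed sample has the scope only on a per-user grant.
    print(consent_status(SAMPLE_GRANTS))
```

A result other than `admin` means the tenant-wide grant for GroupMember.Read.All is not in place, so the "Grant admin consent" step above still needs to be completed.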
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent