Qlik Cloud "Authentication failed","code":"LOGIN-1","status":"401" when logging in with Azure AD

Damien_Villaret
Support

The Identity Provider validation succeeded but users are getting the following error when trying to log in with Azure AD:

{"errors":[{"title":"Authentication failed","code":"LOGIN-1","status":"401"}],"traceId":"00000000000000000564e98ec48dd227"}

The Qlik internal logs show:

"error","message":"Failed to fetch extra claims Insufficient privileges to complete the operation.","stack":"Error: Insufficient privileges to complete the operation.\n    at new GraphError (/usr/src/app/node_modules/@microsoft/microsoft-graph-client/lib/src/GraphError.js:31:28

Note that these log files are not customer-facing. For further assistance, please contact support.

Resolution:

This is because Qlik Sense doesn't have the correct permissions to read group membership from Azure.

  1. If you do not need group membership to be imported in Qlik Sense, disable "Enable creation of groups" in the "Settings" section in the Qlik console.


  2. If you need the groups, assign the proper rights in Azure for Qlik Sense to be able to fetch them.

See the link at the end of this article.

 

Cause:

The "App registration" in Azure has not been configured correctly to grant "Admin consent" for the Graph API permission GroupMember.Read.All. When set up correctly, this should look like the following:

 

Damien_Villaret_0-1630677516434.png

 

If there is a yellow warning sign, ask your Azure admin to grant Admin consent for the Enterprise application linked to this app registration.

Azure Active Directory > Enterprise applications > select the enterprise application that has the same name as the app registration and go to the "Permissions" tab in the security section. 

Click on "Grant admin consent for <Tenant name>" to grant the admin consent for your app registration.

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
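
Added example (not Qlik's or Microsoft's code): one way to confirm the consent step took effect from Microsoft Graph data rather than from the portal icon, by classifying the grants recorded for the enterprise application. It assumes GroupMember.Read.All was added as a delegated permission, so its grant is listed under oauth2PermissionGrants (application permissions are recorded as appRoleAssignments and are not covered here); the sample response and all IDs are constructed placeholders.

```python
import json

SCOPE = "GroupMember.Read.All"        # permission named in this article
CLIENT = "SP-OBJECT-ID-PLACEHOLDER"   # object id of the enterprise application (placeholder)

# Constructed sample of the body returned by
#   GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants?$filter=clientId eq '<object id>'
# Here the scope was granted for a single user only, not for the whole tenant.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "Principal",
   "principalId": "USER-OBJECT-ID-PLACEHOLDER", "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
   "scope": "openid profile GroupMember.Read.All"},
  {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "GRAPH-SP-ID-PLACEHOLDER",
   "scope": "openid profile email User.Read"}
]}
""")


def consent_state(grants, client_id, scope=SCOPE):
    """Classify a delegated scope as 'admin', 'user-only' or 'missing'.

    'admin' means a tenant-wide grant (consentType == "AllPrincipals"),
    which is what "Grant admin consent for <Tenant name>" creates.
    """
    state = "missing"
    for grant in grants.get("value", []):
        if grant.get("clientId") != client_id:
            continue
        # "scope" is one space-separated string: compare whole tokens,
        # ignoring case, so Group.Read.All never matches GroupMember.Read.All.
        tokens = {s.lower() for s in (grant.get("scope") or "").split()}
        if scope.lower() not in tokens:
            continue
        if grant.get("consentType") == "AllPrincipals":
            return "admin"
        state = "user-only"
    return state


if __name__ == "__main__":
    print(SCOPE, "->", consent_state(SAMPLE_GRANTS, CLIENT))
```

Anything other than `admin` for GroupMember.Read.All means the tenant-wide consent described above is still missing for that enterprise application.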

 

Comments
Hornstrup_83
Partner - Contributor

Hi Damien, 

We've managed to set this up, and had this error. Resolution 1 solved this for us, but we want to be able to use groups. 

We've done the config in Resolution 2, but still get the error. Is there a way we can see the error message in the internal Qlik logs? I don't find these in the Cloud QMC - only events that do not seem to hold this information.

All the best.

Sonja_Bauernfeind
Digital Support

Hello @Hornstrup_83 

This error is being sent in our internal Qlik Cloud logs. I would advise contacting support (through chat, just use the "Contact Support" button) to log a ticket with our product support to assist you further.

All the best,
Sonja 

Version history
Last update: 2022-12-14 02:51 AM