Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Dec 14, 2022 2:51:45 AM
Sep 3, 2021 10:17:02 AM
The Identity Provider validation succeeded but users are getting the following error when trying to log in with Azure AD:
{"errors":[{"title":"Authentication failed","code":"LOGIN-1","status":"401"}],"traceId":"00000000000000000564e98ec48dd227"}
The Qlik internal logs show:
"error","message":"Failed to fetch extra claims Insufficient privileges to complete the operation.","stack":"Error: Insufficient privileges to complete the operation.\n at new GraphError (/usr/src/app/node_modules/@microsoft/microsoft-graph-client/lib/src/GraphError.js:31:28
Note that these log files are not customer-facing. For further assistance, please contact support.
This is because Qlik Sense doesn't have the correct permissions to read group membership from Azure.
See the link at the end of this article.
"App registration" in Azure has not been configure correctly to grant "Admin consent" for the Graph API GroupMember.Read.All, when set up correctly this should looks like the following:
If there is a yellow warning sign, ask your Azure admin to grant Admin consent for the Enterprise application linked to this app registration.
Azure Active Directory > Enterprise applications > select the enterprise application that has the same name as the app registration and go to the "Permissions" tab in the security section.
Click on "Grant admin consent for <Tenant name>" to grand the admin consent for your app registration.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
Hi Damien,
We've managed to set this up, and had this error. Resolution 1 solved this for us, but we want to be able to use groups.
We've done the config in Resolution 2, but still get the error. Is there a way we can see the error message in the internal Qlik logs? I don't find these in the Cloud QMC - only events that does not seem to hold this information.
All the best.
Hello @Hornstrup_83
This error is being sent in our internal Qlik Cloud logs. I would advise contacting support (through chat, just use the "Contact Support" button) to log a ticket with our product support to assist you further.
All the best,
Sonja
Were you able to resolve this problem with groups enabled?