Example auth0 authentication setup on Qlik Sense Enterprise SaaS

Sonja_Bauernfeind · May 10, 2022 3:03:11 PM

The steps below are for an example test setup of authentication using Auth0 as Identity Provider (IdP) with on Qlik Sense Enterprise SaaS.

Environment:

Qlik Cloud
Auth0

Resolution:

! The information in this article is provided as-is and to be used at own discretion. Ongoing support on the solution is not provided by Qlik Support.

Note: These steps assume an auth0 "Developer" account has already been created.

Create a new Application in Auth0.

Proceed with the following steps:

In the left menu in Auth0, open Applications.
Click Create application.
Give the application a name, select Single Page Web Applications and click Create.
Select Settings.
In the box Allowed Callback URLs, add the URL to your host in the format https://<host>/login/callback (e.g: https://<tenant name>.us.qlikcloud.com/login/callback).
Scroll down and click Save changes.
Note down the Client ID value.
Note down the Client Secret value.
Scroll to the bottom and select Advanced Settings.
Select the Endpoints tab.
Note down the OpenID configuration URL for later.

Creating a database connection in Auth0

Create a database connection and configure the application to use this connection.

Proceed with the following steps:

In the left menu, select Connections > Database.
Fill in a name for the database connection and click Create.
In the left menu, select Applications.
Open the tab Connections.
Enable the new database connection for the new application.

Creating a new user

If users are not in Auth0, proceed with the following steps:

In the left menu, select Users & Roles > Users.
Click Create user.
Fill in the fields and select the newly created connection.

Setup the Identity Provider in the Management Console within Qlik Sense Enterprise SaaS.

Go to Profile > Administration
Open the section Identity provider.
Click Create new. The page for creating an IdP configuration opens.
Select IdP type Interactive for login of users
Select your IdP provider, Auth0.
Optionally, enter a description.
Fill in the fields in the Application credentials section:
1. OpenID configuration - use the URL from step 11 in Create a new Application in Auth0 section.
2. Client ID - use the Client ID value from step 7 in Create a new Application in Auth0 section.
3. Client secret - use the Client secret value from step 8 in Create a new Application in Auth0 section.
Accept the defaults for the Claims mapping section.
Click Save.

Related Content:

jfitz_chicago · ‎2024-01-23

Very helpful. I'm using Auth0. I used Roles to store group info.

groups box = /https:~1~1qlik.com~1groups

Advanced options claims = email openid profile https://qlik.com/groups

I created an API with the permissions to read groups. (Not 100% sure I needed to do that)

And I created a Flow in the Post Login section (Actions > Flows > Login) that added groups to the response.

/**

* @param {Event} event - Details about the user and the context in which they are logging in.

* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.

*/

exports.onExecutePostLogin = async (event, api) => {

const namespace = 'https://qlik.com';

if (event.authorization) {

api.idToken.setCustomClaim(`${namespace}/groups`, event.authorization.roles);

api.accessToken.setCustomClaim(`${namespace}/groups`, event.authorization.roles);

}

Example auth0 authentication setup on Qlik Sense Enterprise SaaS

Example auth0 authentication setup on Qlik Sense Enterprise SaaS

Integration and Embedding