Identity providers

Identity providers define how your users authenticate to your tenant when attempting to access content.

Download specification

List IdPs

This endpoint retrieves any IdPs registered on the tenant.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories manage

Query Parameters

  • activeboolean

    If provided, filters the results by the active field.

  • limitnumber

    The number of IdP entries to retrieve.

    minimum = 1, maximum = 100, default = 20, default = 20

  • nextstring

    The next page cursor.

  • prevstring

    The previous page cursor.

Responses

200

application/json

Success

  • application/jsonobject
    Show application/json properties
    • dataarray of objects

      An array of IdPs.

      One of:
      • BaseIDPobject

        An OIDC-compliant identity provider.

        Show BaseIDP properties
        • idstring

          The unique identifier for the IdP.

        • metaobject
        • activeboolean

          Indicates whether the IdP is available for use.

        • createdstring

          The timestamp for when the IdP was created.

          format = "date-time"

        • protocolstring

          The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

          Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

        • providerstring

          The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

          Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

        • tenantIdsarray of strings

          The tenant identifiers associated with the given IdP.

        • descriptionstring
        • interactiveboolean

          Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

        • lastUpdatedstring

          The timestamp for when the IdP was last updated.

          format = "date-time"

        • clockToleranceSecinteger
        • createNewUsersOnLoginboolean

          When the flag is true, new users should be created when logging in for the first time.

        • postLogoutRedirectUristring

          Direct the user on logout to a specific URI.

        • optionsobject
          Show options properties
          • realmstring

            The realm identifier for the IdP.

          • scopestring

            Scope that will be sent along with token requests to the IdP.

          • issuerstring

            This field is only used in Qlik Sense Enterprise Client-Managed IdPs.

          • clientIdstring

            The client identifier used as part of authenticating an interactive identity provider.

          • clientSecretstring

            The client secret used as part of authenticating an interactive identity provider.

          • discoveryUrlstring

            The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration).

          • claimsMappingobject

            Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

            Show claimsMapping properties
            • subarray of strings

              A list of JSON pointers used to map the user's subject.

            • namearray of strings

              A list of JSON pointers used to map the user's name.

            • emailarray of strings

              A list of JSON pointers used to map the user's email.

            • groupsarray of strings

              A list of JSON pointers used to map the user's groups.

            • localearray of strings

              A list of JSON pointers used to map the user's locale.

            • picturearray of strings

              A list of JSON pointers used to map the user's picture.

            • zoneinfoarray of strings

              A list of JSON pointers used to map the user's zoneinfo.

            • client_idarray of strings

              A list of JSON pointers used to map the user's client ID.

            • email_verifiedarray of strings

              A list of JSON pointers used to map the user's email_verified claim.
          • decryptingKeyobject

            A decrypting key used to decrypt OIDC encrypted assertions

            Show decryptingKey properties
            • jwksstring

              The public key in jwk format

            • keyIdstring

              The id of the decrypting key

            • keySizeinteger
              Required

              The algorithm size of the decrypting key

            • keyTypestring
              Required

              The algorithm type of the decrypting key

            • createdAtstring

              The timestamp for when the decrypting key was created.

              format = "date-time"

            • createdBystring

              The user id of the user who created the decrypting key

            • publicKeystring

              The public key in pem format

            • certificatestring

              The key's certificate in pem format
          • openid_configurationobject

            OpenID configuration

            Show openid_configuration properties
            • issuerstring
              Required

              OpenID Provider issuer

            • jwks_uristring
              Required

              URL of the OP's JSON Web Key Set [JWK] document

            • token_endpointstring
              Required

              OAuth 2.0 Token Endpoint

            • userinfo_endpointstring

              URL of the OP's UserInfo Endpoint

            • end_session_endpointstring

              URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

            • authorization_endpointstring
              Required

              OAuth 2.0 Authorization Endpoint

            • introspection_endpointstring

              The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
          • blockOfflineAccessScopeboolean

            If true, the offline_access scope will not be requested from the IdP, where applicable.

          • emailVerifiedAlwaysTrueboolean

            Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
        • pendingStatestring

          The state of pendingOptions. This represents the latest IdP test result.

          Can be one of: "verified""pending""error"

        • pendingResultobject
          Show pendingResult properties
          • errorstring

            A unique readable error message based on the error that has occurred.

          • statusstring
            Required

            The status of the IdP configuration being tested.

            Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"

          • startedstring

            The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.

            format = "date-time"

          • protocolstring

            The protocol used to communicate with the IdP during the test flow.

            Can be one of: "OIDC""SAML"

          • idpClaimsobject

            The claims retrieved from the external IdP.

          • oauth2Errorobject
            Show oauth2Error properties
            • errorstring
              Required

              An error code to identity the authentication error.

            • errorURIstring

              An optional URI that includes additional information about the given error.

            • errorDescriptionstring

              An optional human-readable description for the given error code.
          • resultantClaimsobject

            The resultant claims based on the claims received from the external IdP.
        • pendingOptionsobject
          Show pendingOptions properties
          • realmstring

            The realm identifier for the IdP.

          • scopestring

            Scope that will be sent along with token requests to the IdP.

          • issuerstring

            This field is only used in Qlik Sense Enterprise Client-Managed IdPs.

          • clientIdstring

            The client identifier used as part of authenticating an interactive identity provider.

          • clientSecretstring

            The client secret used as part of authenticating an interactive identity provider.

          • discoveryUrlstring

            The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration).

          • claimsMappingobject

            Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

            Show claimsMapping properties
            • subarray of strings

              A list of JSON pointers used to map the user's subject.

            • namearray of strings

              A list of JSON pointers used to map the user's name.

            • emailarray of strings

              A list of JSON pointers used to map the user's email.

            • groupsarray of strings

              A list of JSON pointers used to map the user's groups.

            • localearray of strings

              A list of JSON pointers used to map the user's locale.

            • picturearray of strings

              A list of JSON pointers used to map the user's picture.

            • zoneinfoarray of strings

              A list of JSON pointers used to map the user's zoneinfo.

            • client_idarray of strings

              A list of JSON pointers used to map the user's client ID.

            • email_verifiedarray of strings

              A list of JSON pointers used to map the user's email_verified claim.
          • decryptingKeyobject

            A decrypting key used to decrypt OIDC encrypted assertions

            Show decryptingKey properties
            • jwksstring

              The public key in jwk format

            • keyIdstring

              The id of the decrypting key

            • keySizeinteger
              Required

              The algorithm size of the decrypting key

            • keyTypestring
              Required

              The algorithm type of the decrypting key

            • createdAtstring

              The timestamp for when the decrypting key was created.

              format = "date-time"

            • createdBystring

              The user id of the user who created the decrypting key

            • publicKeystring

              The public key in pem format

            • certificatestring

              The key's certificate in pem format
          • openid_configurationobject

            OpenID configuration

            Show openid_configuration properties
            • issuerstring
              Required

              OpenID Provider issuer

            • jwks_uristring
              Required

              URL of the OP's JSON Web Key Set [JWK] document

            • token_endpointstring
              Required

              OAuth 2.0 Token Endpoint

            • userinfo_endpointstring

              URL of the OP's UserInfo Endpoint

            • end_session_endpointstring

              URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

            • authorization_endpointstring
              Required

              OAuth 2.0 Authorization Endpoint

            • introspection_endpointstring

              The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
          • blockOfflineAccessScopeboolean

            If true, the offline_access scope will not be requested from the IdP, where applicable.

          • emailVerifiedAlwaysTrueboolean

            Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
      • BaseIDPobject

        A SAML-compliant identity provider.

        Show BaseIDP properties
        • idstring

          The unique identifier for the IdP.

        • metaobject
        • activeboolean

          Indicates whether the IdP is available for use.

        • createdstring

          The timestamp for when the IdP was created.

          format = "date-time"

        • protocolstring

          The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

          Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

        • providerstring

          The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

          Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

        • tenantIdsarray of strings

          The tenant identifiers associated with the given IdP.

        • descriptionstring
        • interactiveboolean

          Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

        • lastUpdatedstring

          The timestamp for when the IdP was last updated.

          format = "date-time"

        • clockToleranceSecinteger
        • createNewUsersOnLoginboolean

          When the flag is true, new users should be created when logging in for the first time.

        • postLogoutRedirectUristring

          Direct the user on logout to a specific URI.

        • optionsobject
          Show options properties
          • entityIdstring

            The entity URL for the SAML IdP.

          • signOnUrlstring

            The sign on URL for the SAML IdP.

          • signingKeysarray of objects

            Set of certificates used to sign SAMLRequest payloads. Not present in pendingOptions.

            Show signingKeys properties
            • refIdstring

              The reference ID for choosing this key pair.

            • certificatestring

              The certificate to be uploaded to the identity provider for verifying SAML requests.
          • certificatesarray of objects

            The certificates used for validating signed responses.

            Show certificates properties
            • namestring

              Given name for this certificate.

            • signatureboolean

              Indicates whether the certificate is used for the signature.

              default = true

            • encryptionboolean

              Indicates whether the certificate is used for encryption.

              default = false

            • certificatestring
              Required

              The X.509 certificate for validating signed SAML responses.
          • nameIdFormatstring

            The name identifier format that will be requested from the identity provider.

            Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

          • claimsMappingobject

            Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

            Show claimsMapping properties
            • subarray of strings
              Required

              A list of SAML attributes used to map the user's subject.

            • namearray of strings
              Required

              A list of SAML attributes used to map the user's name.

            • emailarray of strings
              Required

              A list of SAML attributes used to map the user's email.

            • groupsarray of strings
              Required

              A list of SAML attributes used to map the user's groups.

            • picturearray of strings
              Required

              A list of SAML attributes used to map the user's picture.
          • allowIdpInitiatedLoginboolean

            Toggle to allow IdP initated login by the SAML IdP.

          • signingKeySelectedRefIdstring

            The reference ID of the chosen signing key pair.
        • pendingStatestring

          The state of pendingOptions. This represents the latest IdP test result.

          Can be one of: "verified""pending""error"

        • pendingResultobject
          Show pendingResult properties
          • errorstring

            A unique readable error message based on the error that has occurred.

          • statusstring
            Required

            The status of the IdP configuration being tested.

            Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"

          • startedstring

            The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.

            format = "date-time"

          • protocolstring

            The protocol used to communicate with the IdP during the test flow.

            Can be one of: "OIDC""SAML"

          • idpClaimsobject

            The claims retrieved from the external IdP.

          • oauth2Errorobject
            Show oauth2Error properties
            • errorstring
              Required

              An error code to identity the authentication error.

            • errorURIstring

              An optional URI that includes additional information about the given error.

            • errorDescriptionstring

              An optional human-readable description for the given error code.
          • resultantClaimsobject

            The resultant claims based on the claims received from the external IdP.
        • pendingOptionsobject
          Show pendingOptions properties
          • entityIdstring

            The entity URL for the SAML IdP.

          • signOnUrlstring

            The sign on URL for the SAML IdP.

          • signingKeysarray of objects

            Set of certificates used to sign SAMLRequest payloads. Not present in pendingOptions.

            Show signingKeys properties
            • refIdstring

              The reference ID for choosing this key pair.

            • certificatestring

              The certificate to be uploaded to the identity provider for verifying SAML requests.
          • certificatesarray of objects

            The certificates used for validating signed responses.

            Show certificates properties
            • namestring

              Given name for this certificate.

            • signatureboolean

              Indicates whether the certificate is used for the signature.

              default = true

            • encryptionboolean

              Indicates whether the certificate is used for encryption.

              default = false

            • certificatestring
              Required

              The X.509 certificate for validating signed SAML responses.
          • nameIdFormatstring

            The name identifier format that will be requested from the identity provider.

            Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

          • claimsMappingobject

            Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

            Show claimsMapping properties
            • subarray of strings
              Required

              A list of SAML attributes used to map the user's subject.

            • namearray of strings
              Required

              A list of SAML attributes used to map the user's name.

            • emailarray of strings
              Required

              A list of SAML attributes used to map the user's email.

            • groupsarray of strings
              Required

              A list of SAML attributes used to map the user's groups.

            • picturearray of strings
              Required

              A list of SAML attributes used to map the user's picture.
          • allowIdpInitiatedLoginboolean

            Toggle to allow IdP initated login by the SAML IdP.

          • signingKeySelectedRefIdstring

            The reference ID of the chosen signing key pair.
      • BaseIDPobject

        An identity provider for JWT authentication.

        Show BaseIDP properties
        • idstring

          The unique identifier for the IdP.

        • metaobject
        • activeboolean

          Indicates whether the IdP is available for use.

        • createdstring

          The timestamp for when the IdP was created.

          format = "date-time"

        • protocolstring

          The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

          Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

        • providerstring

          The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

          Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

        • tenantIdsarray of strings

          The tenant identifiers associated with the given IdP.

        • descriptionstring
        • interactiveboolean

          Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

        • lastUpdatedstring

          The timestamp for when the IdP was last updated.

          format = "date-time"

        • clockToleranceSecinteger
        • createNewUsersOnLoginboolean

          When the flag is true, new users should be created when logging in for the first time.

        • postLogoutRedirectUristring

          Direct the user on logout to a specific URI.

        • optionsobject
          Show options properties
          • issuerstring

            The expected JWT issuer

          • staticKeysarray of objects
            Show staticKeys properties
            • kidstring

              Key ID used to sign the JWTs.

            • pemstring

              Pem-encoded public key for verifying the JWTs.
    • linksobject

      Contains pagination links.

      Show links properties
      • nextobject
        Show next properties
        • hrefstring

          Link to the next page of items.
      • prevobject
        Show prev properties
        • hrefstring

          Link to the previous page of items.
      • selfobject
        Show self properties
        • hrefstring

          Link to the current page of items.

404

application/json

Not Found

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
GET /v1/identity-providers 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  

qlik identity-provider ls

Response

{
  "data": [
    {
      "id": "string",
      "meta": {},
      "active": true,
      "created": "2018-10-30T07:06:22Z",
      "protocol": "OIDC",
      "provider": "auth0",
      "tenantIds": [
        "string"
      ],
      "description": "string",
      "interactive": true,
      "lastUpdated": "2018-10-30T07:06:22Z",
      "clockToleranceSec": 42,
      "createNewUsersOnLogin": true,
      "postLogoutRedirectUri": "string",
      "options": {
        "realm": "string",
        "scope": "string",
        "issuer": "string",
        "clientId": "string",
        "clientSecret": "string",
        "discoveryUrl": "string",
        "claimsMapping": {
          "sub": [
            "string"
          ],
          "name": [
            "string"
          ],
          "email": [
            "string"
          ],
          "groups": [
            "string"
          ],
          "locale": [
            "string"
          ],
          "picture": [
            "string"
          ],
          "zoneinfo": [
            "string"
          ],
          "client_id": [
            "string"
          ],
          "email_verified": [
            "string"
          ]
        },
        "decryptingKey": {
          "jwks": "string",
          "keyId": "string",
          "keySize": 42,
          "keyType": "string",
          "createdAt": "2018-10-30T07:06:22Z",
          "createdBy": "string",
          "publicKey": "string",
          "certificate": "string"
        },
        "openid_configuration": {
          "issuer": "string",
          "jwks_uri": "string",
          "token_endpoint": "string",
          "userinfo_endpoint": "string",
          "end_session_endpoint": "string",
          "authorization_endpoint": "string",
          "introspection_endpoint": "string"
        },
        "blockOfflineAccessScope": true,
        "emailVerifiedAlwaysTrue": true
      },
      "pendingState": "verified",
      "pendingResult": {
        "error": "string",
        "status": "success",
        "started": "2018-10-30T07:06:22Z",
        "protocol": "OIDC",
        "idpClaims": {},
        "oauth2Error": {
          "error": "string",
          "errorURI": "string",
          "errorDescription": "string"
        },
        "resultantClaims": {}
      },
      "pendingOptions": {
        "realm": "string",
        "scope": "string",
        "issuer": "string",
        "clientId": "string",
        "clientSecret": "string",
        "discoveryUrl": "string",
        "claimsMapping": {
          "sub": [
            "string"
          ],
          "name": [
            "string"
          ],
          "email": [
            "string"
          ],
          "groups": [
            "string"
          ],
          "locale": [
            "string"
          ],
          "picture": [
            "string"
          ],
          "zoneinfo": [
            "string"
          ],
          "client_id": [
            "string"
          ],
          "email_verified": [
            "string"
          ]
        },
        "decryptingKey": {
          "jwks": "string",
          "keyId": "string",
          "keySize": 42,
          "keyType": "string",
          "createdAt": "2018-10-30T07:06:22Z",
          "createdBy": "string",
          "publicKey": "string",
          "certificate": "string"
        },
        "openid_configuration": {
          "issuer": "string",
          "jwks_uri": "string",
          "token_endpoint": "string",
          "userinfo_endpoint": "string",
          "end_session_endpoint": "string",
          "authorization_endpoint": "string",
          "introspection_endpoint": "string"
        },
        "blockOfflineAccessScope": true,
        "emailVerifiedAlwaysTrue": true
      }
    }
  ],
  "links": {
    "next": {
      "href": "string"
    },
    "prev": {
      "href": "string"
    },
    "self": {
      "href": "string"
    }
  }
}

Create a new IdP

Creates a new IdP on a tenant. Requesting user must be assigned the TenantAdmin role. For non-interactive IdPs (e.g. JWT), IdP must be created by sending options payload. For interactive IdPs (e.g. SAML or OIDC), send pendingOptions payload to require the interactive verification step; or send options payload with skipVerify set to true to skip validation step and make IdP immediately available.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories manage

Request Body

application/json

Attributes that the user wants to set for a new identity provider resource.

  • application/jsonobject
    One of:
    • CreateOIDCPayloadobject

      Payload for creating an OIDC-compatible identity provider.

      Show CreateOIDCPayload properties
      • optionsobject

        Required OIDC configurations for non-interactive IdPs and interactive IdPs with skipVerify flag enabled.

        Show options properties
        • realmstring

          The realm identifier for the IdP.

          maxLength = 254, pattern = "^[A-Za-z0-9][A-Za-z0-9.\-_]+$"

        • audiencestring

          Allows for setting audience in access tokens.

          maxLength = 256

        • discoveryUrlstring

          The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration). Required if openid_configuration is not given.

        • claimsMappingobject
          Required

          Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings

            A list of JSON pointers used to map the user's subject.

          • client_idarray of strings

            A list of JSON pointers used to map the user's client ID.
        • allowedClientIdsarray of strings

          Only clients with IDs in this list will be allowed API access. A blank list or empty value means any client IDs authenticated against the IdP will be allowed access.

        • openid_configurationobject

          OpenID configuration

          Show openid_configuration properties
          • issuerstring
            Required

            OpenID Provider issuer

          • jwks_uristring
            Required

            URL of the OP's JSON Web Key Set [JWK] document

          • token_endpointstring
            Required

            OAuth 2.0 Token Endpoint

          • userinfo_endpointstring

            URL of the OP's UserInfo Endpoint

          • end_session_endpointstring

            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

          • authorization_endpointstring
            Required

            OAuth 2.0 Authorization Endpoint

          • introspection_endpointstring

            The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
      • protocolstring
        Required

        The protocol to be used for communicating with the identity provider.

        Can be one of: "OIDC"

      • providerstring
        Required

        The identity provider to be used.

        Can be one of: "auth0""okta""generic""salesforce""keycloak""adfs""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers that map to the given IdP.

      • skipVerifyboolean

        If set to true, skips IdP verification process and assumes the IdP is verified.

        default = false

      • descriptionstring

        maxLength = 128

      • interactiveboolean
        Required

        Indicates whether the IdP is meant for interactive login.

        default = false

      • pendingOptionsobject

        Required OIDC configurations for interactive IdPs that require verification.

        Show pendingOptions properties
        • realmstring

          The realm identifier for the IdP.

          maxLength = 254, pattern = "^[A-Za-z0-9][A-Za-z0-9.\-_]+$"

        • scopestring

          Scope which will be sent along with token requests to the IdP. Scopes should be space delimited. Will default to certain values depending on the IdP provider.

          maxLength = 254

        • clientIdstring
          Required

          The client identifier used as part of authenticating an interactive identity provider.

        • clientSecretstring
          Required

          The client secret used as part of authenticating an interactive identity provider.

        • discoveryUrlstring

          The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration). Required if openid_configuration is not given.

        • claimsMappingobject
          Required

          Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings

            A list of JSON pointers used to map the user's subject.

          • namearray of strings

            A list of JSON pointers used to map the user's name.

          • emailarray of strings

            A list of JSON pointers used to map the user's email.

          • groupsarray of strings

            A list of JSON pointers used to map the user's groups.

          • localearray of strings

            A list of JSON pointers used to map the user's locale.

          • picturearray of strings

            A list of JSON pointers used to map the user's picture.

          • zoneinfoarray of strings

            A list of JSON pointers used to map the user's zoneinfo.

          • client_idarray of strings

            A list of JSON pointers used to map the user's client ID.

          • email_verifiedarray of strings

            A list of JSON pointers used to map the user's email_verified claim.
        • decryptingKeyobject

          A decrypting key used to decrypt OIDC encrypted assertions

          Show decryptingKey properties
          • jwksstring

            The public key in jwk format

          • keyIdstring

            The id of the decrypting key

          • keySizeinteger
            Required

            The algorithm size of the decrypting key

          • keyTypestring
            Required

            The algorithm type of the decrypting key

          • createdAtstring

            The timestamp for when the decrypting key was created.

            format = "date-time"

          • createdBystring

            The user id of the user who created the decrypting key

          • publicKeystring

            The public key in pem format

          • certificatestring

            The key's certificate in pem format
        • idTokenSignatureAlgstring

          The algorithm used to sign the ID token. The default algorithm is RS256.

          Can be one of: "RS256""RS512"

          default = "RS256"

        • openid_configurationobject

          OpenID configuration

          Show openid_configuration properties
          • issuerstring
            Required

            OpenID Provider issuer

          • jwks_uristring
            Required

            URL of the OP's JSON Web Key Set [JWK] document

          • token_endpointstring
            Required

            OAuth 2.0 Token Endpoint

          • userinfo_endpointstring

            URL of the OP's UserInfo Endpoint

          • end_session_endpointstring

            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

          • authorization_endpointstring
            Required

            OAuth 2.0 Authorization Endpoint

          • introspection_endpointstring

            The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
        • useClaimsFromIdTokenboolean

          If true, will use the claims from the ID token. By default it is set to true for ADFS and AzureAD.

        • blockOfflineAccessScopeboolean

          When true, the offline_access scope will not be requested from the IdP where applicable.

        • emailVerifiedAlwaysTrueboolean

          Only ADFS and AzureAD IdPs can set this property. For ADFS and AzureAD, it defaults to false. For other IdPs, it defaults to undefined.
      • clockToleranceSecinteger

        There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.

        minimum = 0, maximum = 7200, default = 5, default = 5

      • createNewUsersOnLoginboolean

        Tells the consumer of the IdP that new users should be created on login if they don't exist.

        default = true

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

        maxLength = 2083

    • CreateJWTAuthPayloadobject

      Payload for creating an identity provider using JWT authentication.

      Show CreateJWTAuthPayload properties
      • optionsobject
        Required

        Required IdP configurations.

        Show options properties
        • issuerstring
          Required

          The JWT issuer.

        • staticKeysarray of objects
          Required

          Keys for verifying JWTs. Limited to 1 key per identity provider.

          Show staticKeys properties
          • kidstring
            Required

            Key ID used to sign the JWTs.

          • pemstring
            Required

            Pem-encoded public key for verifying the JWTs.
      • protocolstring
        Required

        The protocol to be used for communicating with the identity provider.

        Can be one of: "jwtAuth"

      • providerstring
        Required

        The identity provider to be used.

        Can be one of: "external"

      • tenantIdsarray of strings

        The tenant identifiers that map to the given IdP.

      • descriptionstring

        maxLength = 128

      • clockToleranceSecinteger

        There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.

        minimum = 0, maximum = 7200, default = 5, default = 5

    • CreateSAMLPayloadobject

      Payload for creating a SAML compatible identity provider.

      Show CreateSAMLPayload properties
      • optionsobject

        Required SAML configurations for IdPs with skipVerify flag enabled.

        Show options properties
        • entityIdstring

          The entity ID for the SAML IdP. Required if metadata is not provided.

        • metadataobject

          Metadata for the SAML IdP. Required if individual SAML parameters are not provided.

          Show metadata properties
          • rawstring
            Required

            The IDP metadata XML in base64-encoded format.

            format = "byte"

        • signOnUrlstring

          The sign on URL for the SAML IdP. Required if metadata is not provided.

        • certificatesarray of objects

          The certificates used for validating signed responses. Required if metadata is not provided.

          minItems = 1, maxItems = 5

          Show certificates properties
          • namestring

            Given name for this certificate.

          • signatureboolean

            Indicates whether the certificate is used for the signature.

            default = true

          • encryptionboolean

            Indicates whether the certificate is used for encryption.

            default = false

          • certificatestring
            Required

            The X.509 certificate for validating signed SAML responses.
        • nameIdFormatstring

          The name identifier format that will be requested from the identity provider.

          Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

        • claimsMappingobject
          Required

          Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings
            Required

            A list of SAML attributes used to map the user's subject.

          • namearray of strings
            Required

            A list of SAML attributes used to map the user's name.

          • emailarray of strings
            Required

            A list of SAML attributes used to map the user's email.

          • groupsarray of strings
            Required

            A list of SAML attributes used to map the user's groups.

          • picturearray of strings
            Required

            A list of SAML attributes used to map the user's picture.
        • allowIdpInitiatedLoginboolean

          Toggle to allow IdP initated login by the SAML IdP.

          default = false

      • protocolstring
        Required

        The protocol to be used for communicating with the identity provider.

        Can be one of: "SAML"

      • providerstring
        Required

        The identity provider to be used.

        Can be one of: "okta""generic""adfs""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers that map to the given IdP.

      • skipVerifyboolean

        If set to true, skips IdP verification process and assumes the IdP is verified.

        default = false

      • descriptionstring

        maxLength = 128

      • interactiveboolean
        Required

        Indicates whether the IdP is meant for interactive login. Must be true for SAML IdPs.

      • pendingOptionsobject

        Required configurations for SAML IdPs that require verification.

        Show pendingOptions properties
        • entityIdstring

          The entity ID for the SAML IdP. Required if metadata is not provided.

        • metadataobject

          Metadata for the SAML IdP. Required if individual SAML parameters are not provided.

          Show metadata properties
          • rawstring
            Required

            The IDP metadata XML in base64-encoded format.

            format = "byte"

        • signOnUrlstring

          The sign on URL for the SAML IdP. Required if metadata is not provided.

        • certificatesarray of objects

          The certificates used for validating signed responses. Required if metadata is not provided.

          Show certificates properties
          • namestring

            Given name for this certificate.

          • signatureboolean

            Indicates whether the certificate is used for the signature.

            default = true

          • encryptionboolean

            Indicates whether the certificate is used for encryption.

            default = false

          • certificatestring
            Required

            The X.509 certificate for validating signed SAML responses.
        • nameIdFormatstring

          The name identifier format that will be requested from the identity provider.

          Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

        • claimsMappingobject
          Required

          Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings
            Required

            A list of SAML attributes used to map the user's subject.

          • namearray of strings
            Required

            A list of SAML attributes used to map the user's name.

          • emailarray of strings
            Required

            A list of SAML attributes used to map the user's email.

          • groupsarray of strings
            Required

            A list of SAML attributes used to map the user's groups.

          • picturearray of strings
            Required

            A list of SAML attributes used to map the user's picture.
        • allowIdpInitiatedLoginboolean

          Toggle to allow IdP initated login by the SAML IdP.

          default = false

      • clockToleranceSecinteger

        There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.

        minimum = 0, maximum = 7200, default = 5, default = 5

      • createNewUsersOnLoginboolean

        Tells the consumer of the IdP that new users should be created on login if they don't exist.

        default = true

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

        maxLength = 2083

Responses

201

application/json

Created

  • application/jsonobject
    One of:
    • BaseIDPobject

      An OIDC-compliant identity provider.

      Show BaseIDP properties
      • idstring

        The unique identifier for the IdP.

      • metaobject
      • activeboolean

        Indicates whether the IdP is available for use.

      • createdstring

        The timestamp for when the IdP was created.

        format = "date-time"

      • protocolstring

        The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

        Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers associated with the given IdP.

      • descriptionstring
      • interactiveboolean

        Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

      • lastUpdatedstring

        The timestamp for when the IdP was last updated.

        format = "date-time"

      • clockToleranceSecinteger
      • createNewUsersOnLoginboolean

        When the flag is true, new users should be created when logging in for the first time.

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

      • optionsobject
        Show options properties
        • realmstring

          The realm identifier for the IdP.

        • scopestring

          Scope that will be sent along with token requests to the IdP.

        • issuerstring

          This field is only used in Qlik Sense Enterprise Client-Managed IdPs.

        • clientIdstring

          The client identifier used as part of authenticating an interactive identity provider.

        • clientSecretstring

          The client secret used as part of authenticating an interactive identity provider.

        • discoveryUrlstring

          The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration).

        • claimsMappingobject

          Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings

            A list of JSON pointers used to map the user's subject.

          • namearray of strings

            A list of JSON pointers used to map the user's name.

          • emailarray of strings

            A list of JSON pointers used to map the user's email.

          • groupsarray of strings

            A list of JSON pointers used to map the user's groups.

          • localearray of strings

            A list of JSON pointers used to map the user's locale.

          • picturearray of strings

            A list of JSON pointers used to map the user's picture.

          • zoneinfoarray of strings

            A list of JSON pointers used to map the user's zoneinfo.

          • client_idarray of strings

            A list of JSON pointers used to map the user's client ID.

          • email_verifiedarray of strings

            A list of JSON pointers used to map the user's email_verified claim.
        • decryptingKeyobject

          A decrypting key used to decrypt OIDC encrypted assertions

          Show decryptingKey properties
          • jwksstring

            The public key in jwk format

          • keyIdstring

            The id of the decrypting key

          • keySizeinteger
            Required

            The algorithm size of the decrypting key

          • keyTypestring
            Required

            The algorithm type of the decrypting key

          • createdAtstring

            The timestamp for when the decrypting key was created.

            format = "date-time"

          • createdBystring

            The user id of the user who created the decrypting key

          • publicKeystring

            The public key in pem format

          • certificatestring

            The key's certificate in pem format
        • openid_configurationobject

          OpenID configuration

          Show openid_configuration properties
          • issuerstring
            Required

            OpenID Provider issuer

          • jwks_uristring
            Required

            URL of the OP's JSON Web Key Set [JWK] document

          • token_endpointstring
            Required

            OAuth 2.0 Token Endpoint

          • userinfo_endpointstring

            URL of the OP's UserInfo Endpoint

          • end_session_endpointstring

            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

          • authorization_endpointstring
            Required

            OAuth 2.0 Authorization Endpoint

          • introspection_endpointstring

            The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
        • blockOfflineAccessScopeboolean

          If true, the offline_access scope will not be requested from the IdP, where applicable.

        • emailVerifiedAlwaysTrueboolean

          Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
      • pendingStatestring

        The state of pendingOptions. This represents the latest IdP test result.

        Can be one of: "verified""pending""error"

      • pendingResultobject
        Show pendingResult properties
        • errorstring

          A unique readable error message based on the error that has occurred.

        • statusstring
          Required

          The status of the IdP configuration being tested.

          Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"

        • startedstring

          The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.

          format = "date-time"

        • protocolstring

          The protocol used to communicate with the IdP during the test flow.

          Can be one of: "OIDC""SAML"

        • idpClaimsobject

          The claims retrieved from the external IdP.

        • oauth2Errorobject
          Show oauth2Error properties
          • errorstring
            Required

            An error code to identity the authentication error.

          • errorURIstring

            An optional URI that includes additional information about the given error.

          • errorDescriptionstring

            An optional human-readable description for the given error code.
        • resultantClaimsobject

          The resultant claims based on the claims received from the external IdP.
      • pendingOptionsobject
        Show pendingOptions properties
        • realmstring

          The realm identifier for the IdP.

        • scopestring

          Scope that will be sent along with token requests to the IdP.

        • issuerstring

          This field is only used in Qlik Sense Enterprise Client-Managed IdPs.

        • clientIdstring

          The client identifier used as part of authenticating an interactive identity provider.

        • clientSecretstring

          The client secret used as part of authenticating an interactive identity provider.

        • discoveryUrlstring

          The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration).

        • claimsMappingobject

          Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings

            A list of JSON pointers used to map the user's subject.

          • namearray of strings

            A list of JSON pointers used to map the user's name.

          • emailarray of strings

            A list of JSON pointers used to map the user's email.

          • groupsarray of strings

            A list of JSON pointers used to map the user's groups.

          • localearray of strings

            A list of JSON pointers used to map the user's locale.

          • picturearray of strings

            A list of JSON pointers used to map the user's picture.

          • zoneinfoarray of strings

            A list of JSON pointers used to map the user's zoneinfo.

          • client_idarray of strings

            A list of JSON pointers used to map the user's client ID.

          • email_verifiedarray of strings

            A list of JSON pointers used to map the user's email_verified claim.
        • decryptingKeyobject

          A decrypting key used to decrypt OIDC encrypted assertions

          Show decryptingKey properties
          • jwksstring

            The public key in jwk format

          • keyIdstring

            The id of the decrypting key

          • keySizeinteger
            Required

            The algorithm size of the decrypting key

          • keyTypestring
            Required

            The algorithm type of the decrypting key

          • createdAtstring

            The timestamp for when the decrypting key was created.

            format = "date-time"

          • createdBystring

            The user id of the user who created the decrypting key

          • publicKeystring

            The public key in pem format

          • certificatestring

            The key's certificate in pem format
        • openid_configurationobject

          OpenID configuration

          Show openid_configuration properties
          • issuerstring
            Required

            OpenID Provider issuer

          • jwks_uristring
            Required

            URL of the OP's JSON Web Key Set [JWK] document

          • token_endpointstring
            Required

            OAuth 2.0 Token Endpoint

          • userinfo_endpointstring

            URL of the OP's UserInfo Endpoint

          • end_session_endpointstring

            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

          • authorization_endpointstring
            Required

            OAuth 2.0 Authorization Endpoint

          • introspection_endpointstring

            The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
        • blockOfflineAccessScopeboolean

          If true, the offline_access scope will not be requested from the IdP, where applicable.

        • emailVerifiedAlwaysTrueboolean

          Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
    • BaseIDPobject

      A SAML-compliant identity provider.

      Show BaseIDP properties
      • idstring

        The unique identifier for the IdP.

      • metaobject
      • activeboolean

        Indicates whether the IdP is available for use.

      • createdstring

        The timestamp for when the IdP was created.

        format = "date-time"

      • protocolstring

        The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

        Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers associated with the given IdP.

      • descriptionstring
      • interactiveboolean

        Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

      • lastUpdatedstring

        The timestamp for when the IdP was last updated.

        format = "date-time"

      • clockToleranceSecinteger
      • createNewUsersOnLoginboolean

        When the flag is true, new users should be created when logging in for the first time.

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

      • optionsobject
        Show options properties
        • entityIdstring

          The entity URL for the SAML IdP.

        • signOnUrlstring

          The sign on URL for the SAML IdP.

        • signingKeysarray of objects

          Set of certificates used to sign SAMLRequest payloads. Not present in pendingOptions.

          Show signingKeys properties
          • refIdstring

            The reference ID for choosing this key pair.

          • certificatestring

            The certificate to be uploaded to the identity provider for verifying SAML requests.
        • certificatesarray of objects

          The certificates used for validating signed responses.

          Show certificates properties
          • namestring

            Given name for this certificate.

          • signatureboolean

            Indicates whether the certificate is used for the signature.

            default = true

          • encryptionboolean

            Indicates whether the certificate is used for encryption.

            default = false

          • certificatestring
            Required

            The X.509 certificate for validating signed SAML responses.
        • nameIdFormatstring

          The name identifier format that will be requested from the identity provider.

          Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

        • claimsMappingobject

          Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings
            Required

            A list of SAML attributes used to map the user's subject.

          • namearray of strings
            Required

            A list of SAML attributes used to map the user's name.

          • emailarray of strings
            Required

            A list of SAML attributes used to map the user's email.

          • groupsarray of strings
            Required

            A list of SAML attributes used to map the user's groups.

          • picturearray of strings
            Required

            A list of SAML attributes used to map the user's picture.
        • allowIdpInitiatedLoginboolean

          Toggle to allow IdP initated login by the SAML IdP.

        • signingKeySelectedRefIdstring

          The reference ID of the chosen signing key pair.
      • pendingStatestring

        The state of pendingOptions. This represents the latest IdP test result.

        Can be one of: "verified""pending""error"

      • pendingResultobject
        Show pendingResult properties
        • errorstring

          A unique readable error message based on the error that has occurred.

        • statusstring
          Required

          The status of the IdP configuration being tested.

          Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"

        • startedstring

          The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.

          format = "date-time"

        • protocolstring

          The protocol used to communicate with the IdP during the test flow.

          Can be one of: "OIDC""SAML"

        • idpClaimsobject

          The claims retrieved from the external IdP.

        • oauth2Errorobject
          Show oauth2Error properties
          • errorstring
            Required

            An error code to identity the authentication error.

          • errorURIstring

            An optional URI that includes additional information about the given error.

          • errorDescriptionstring

            An optional human-readable description for the given error code.
        • resultantClaimsobject

          The resultant claims based on the claims received from the external IdP.
      • pendingOptionsobject
        Show pendingOptions properties
        • entityIdstring

          The entity URL for the SAML IdP.

        • signOnUrlstring

          The sign on URL for the SAML IdP.

        • signingKeysarray of objects

          Set of certificates used to sign SAMLRequest payloads. Not present in pendingOptions.

          Show signingKeys properties
          • refIdstring

            The reference ID for choosing this key pair.

          • certificatestring

            The certificate to be uploaded to the identity provider for verifying SAML requests.
        • certificatesarray of objects

          The certificates used for validating signed responses.

          Show certificates properties
          • namestring

            Given name for this certificate.

          • signatureboolean

            Indicates whether the certificate is used for the signature.

            default = true

          • encryptionboolean

            Indicates whether the certificate is used for encryption.

            default = false

          • certificatestring
            Required

            The X.509 certificate for validating signed SAML responses.
        • nameIdFormatstring

          The name identifier format that will be requested from the identity provider.

          Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

        • claimsMappingobject

          Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings
            Required

            A list of SAML attributes used to map the user's subject.

          • namearray of strings
            Required

            A list of SAML attributes used to map the user's name.

          • emailarray of strings
            Required

            A list of SAML attributes used to map the user's email.

          • groupsarray of strings
            Required

            A list of SAML attributes used to map the user's groups.

          • picturearray of strings
            Required

            A list of SAML attributes used to map the user's picture.
        • allowIdpInitiatedLoginboolean

          Toggle to allow IdP initated login by the SAML IdP.

        • signingKeySelectedRefIdstring

          The reference ID of the chosen signing key pair.
    • BaseIDPobject

      An identity provider for JWT authentication.

      Show BaseIDP properties
      • idstring

        The unique identifier for the IdP.

      • metaobject
      • activeboolean

        Indicates whether the IdP is available for use.

      • createdstring

        The timestamp for when the IdP was created.

        format = "date-time"

      • protocolstring

        The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

        Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers associated with the given IdP.

      • descriptionstring
      • interactiveboolean

        Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

      • lastUpdatedstring

        The timestamp for when the IdP was last updated.

        format = "date-time"

      • clockToleranceSecinteger
      • createNewUsersOnLoginboolean

        When the flag is true, new users should be created when logging in for the first time.

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

      • optionsobject
        Show options properties
        • issuerstring

          The expected JWT issuer

        • staticKeysarray of objects
          Show staticKeys properties
          • kidstring

            Key ID used to sign the JWTs.

          • pemstring

            Pem-encoded public key for verifying the JWTs.

400

application/json

Bad Request

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

403

application/json

Forbidden. User missing TenantAdmin role, or the tenantID in the JWT does not match any of the tenantIDs in the payload.

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
POST /v1/identity-providers 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers" \
-X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '{"options":{"realm":"string","audience":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"client_id":["string"]},"allowedClientIds":["string"],"openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"}},"protocol":"OIDC","provider":"auth0","tenantIds":["string"],"skipVerify":false,"description":"string","interactive":false,"pendingOptions":{"realm":"string","scope":"string","clientId":"string","clientSecret":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"name":["string"],"email":["string"],"groups":["string"],"locale":["string"],"picture":["string"],"zoneinfo":["string"],"client_id":["string"],"email_verified":["string"]},"decryptingKey":{"jwks":"string","keyId":"string","keySize":42,"keyType":"string","createdAt":"2018-10-30T07:06:22Z","createdBy":"string","publicKey":"string","certificate":"string"},"idTokenSignatureAlg":"RS256","openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"},"useClaimsFromIdToken":true,"blockOfflineAccessScope":true,"emailVerifiedAlwaysTrue":true},"clockToleranceSec":5,"createNewUsersOnLogin":true,"postLogoutRedirectUri":"string"}'

const https = require('https')
  const data = JSON.stringify({"options":{"realm":"string","audience":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"client_id":["string"]},"allowedClientIds":["string"],"openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"}},"protocol":"OIDC","provider":"auth0","tenantIds":["string"],"skipVerify":false,"description":"string","interactive":false,"pendingOptions":{"realm":"string","scope":"string","clientId":"string","clientSecret":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"name":["string"],"email":["string"],"groups":["string"],"locale":["string"],"picture":["string"],"zoneinfo":["string"],"client_id":["string"],"email_verified":["string"]},"decryptingKey":{"jwks":"string","keyId":"string","keySize":42,"keyType":"string","createdAt":"2018-10-30T07:06:22Z","createdBy":"string","publicKey":"string","certificate":"string"},"idTokenSignatureAlg":"RS256","openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"},"useClaimsFromIdToken":true,"blockOfflineAccessScope":true,"emailVerifiedAlwaysTrue":true},"clockToleranceSec":5,"createNewUsersOnLogin":true,"postLogoutRedirectUri":"string"})
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers',
    'method': 'POST',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)
  

qlik identity-provider create jwtauth \
--clockToleranceSec="5" \
--description="string" \
--protocol="OIDC" \
--provider="auth0" \
--tenantIds='"string"'

Request

{
  "options": {
    "realm": "string",
    "audience": "string",
    "discoveryUrl": "string",
    "claimsMapping": {
      "sub": [
        "string"
      ],
      "client_id": [
        "string"
      ]
    },
    "allowedClientIds": [
      "string"
    ],
    "openid_configuration": {
      "issuer": "string",
      "jwks_uri": "string",
      "token_endpoint": "string",
      "userinfo_endpoint": "string",
      "end_session_endpoint": "string",
      "authorization_endpoint": "string",
      "introspection_endpoint": "string"
    }
  },
  "protocol": "OIDC",
  "provider": "auth0",
  "tenantIds": [
    "string"
  ],
  "skipVerify": false,
  "description": "string",
  "interactive": false,
  "pendingOptions": {
    "realm": "string",
    "scope": "string",
    "clientId": "string",
    "clientSecret": "string",
    "discoveryUrl": "string",
    "claimsMapping": {
      "sub": [
        "string"
      ],
      "name": [
        "string"
      ],
      "email": [
        "string"
      ],
      "groups": [
        "string"
      ],
      "locale": [
        "string"
      ],
      "picture": [
        "string"
      ],
      "zoneinfo": [
        "string"
      ],
      "client_id": [
        "string"
      ],
      "email_verified": [
        "string"
      ]
    },
    "decryptingKey": {
      "jwks": "string",
      "keyId": "string",
      "keySize": 42,
      "keyType": "string",
      "createdAt": "2018-10-30T07:06:22Z",
      "createdBy": "string",
      "publicKey": "string",
      "certificate": "string"
    },
    "idTokenSignatureAlg": "RS256",
    "openid_configuration": {
      "issuer": "string",
      "jwks_uri": "string",
      "token_endpoint": "string",
      "userinfo_endpoint": "string",
      "end_session_endpoint": "string",
      "authorization_endpoint": "string",
      "introspection_endpoint": "string"
    },
    "useClaimsFromIdToken": true,
    "blockOfflineAccessScope": true,
    "emailVerifiedAlwaysTrue": true
  },
  "clockToleranceSec": 5,
  "createNewUsersOnLogin": true,
  "postLogoutRedirectUri": "string"
}

Response

{
  "id": "string",
  "meta": {},
  "active": true,
  "created": "2018-10-30T07:06:22Z",
  "protocol": "OIDC",
  "provider": "auth0",
  "tenantIds": [
    "string"
  ],
  "description": "string",
  "interactive": true,
  "lastUpdated": "2018-10-30T07:06:22Z",
  "clockToleranceSec": 42,
  "createNewUsersOnLogin": true,
  "postLogoutRedirectUri": "string",
  "options": {
    "realm": "string",
    "scope": "string",
    "issuer": "string",
    "clientId": "string",
    "clientSecret": "string",
    "discoveryUrl": "string",
    "claimsMapping": {
      "sub": [
        "string"
      ],
      "name": [
        "string"
      ],
      "email": [
        "string"
      ],
      "groups": [
        "string"
      ],
      "locale": [
        "string"
      ],
      "picture": [
        "string"
      ],
      "zoneinfo": [
        "string"
      ],
      "client_id": [
        "string"
      ],
      "email_verified": [
        "string"
      ]
    },
    "decryptingKey": {
      "jwks": "string",
      "keyId": "string",
      "keySize": 42,
      "keyType": "string",
      "createdAt": "2018-10-30T07:06:22Z",
      "createdBy": "string",
      "publicKey": "string",
      "certificate": "string"
    },
    "openid_configuration": {
      "issuer": "string",
      "jwks_uri": "string",
      "token_endpoint": "string",
      "userinfo_endpoint": "string",
      "end_session_endpoint": "string",
      "authorization_endpoint": "string",
      "introspection_endpoint": "string"
    },
    "blockOfflineAccessScope": true,
    "emailVerifiedAlwaysTrue": true
  },
  "pendingState": "verified",
  "pendingResult": {
    "error": "string",
    "status": "success",
    "started": "2018-10-30T07:06:22Z",
    "protocol": "OIDC",
    "idpClaims": {},
    "oauth2Error": {
      "error": "string",
      "errorURI": "string",
      "errorDescription": "string"
    },
    "resultantClaims": {}
  },
  "pendingOptions": {
    "realm": "string",
    "scope": "string",
    "issuer": "string",
    "clientId": "string",
    "clientSecret": "string",
    "discoveryUrl": "string",
    "claimsMapping": {
      "sub": [
        "string"
      ],
      "name": [
        "string"
      ],
      "email": [
        "string"
      ],
      "groups": [
        "string"
      ],
      "locale": [
        "string"
      ],
      "picture": [
        "string"
      ],
      "zoneinfo": [
        "string"
      ],
      "client_id": [
        "string"
      ],
      "email_verified": [
        "string"
      ]
    },
    "decryptingKey": {
      "jwks": "string",
      "keyId": "string",
      "keySize": 42,
      "keyType": "string",
      "createdAt": "2018-10-30T07:06:22Z",
      "createdBy": "string",
      "publicKey": "string",
      "certificate": "string"
    },
    "openid_configuration": {
      "issuer": "string",
      "jwks_uri": "string",
      "token_endpoint": "string",
      "userinfo_endpoint": "string",
      "end_session_endpoint": "string",
      "authorization_endpoint": "string",
      "introspection_endpoint": "string"
    },
    "blockOfflineAccessScope": true,
    "emailVerifiedAlwaysTrue": true
  }
}

Return IdP configuration metadata

Returns IdP configuration metadata supported on the tenant. Clients can use this information to programmatically configure their interactions with Qlik Cloud.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories manage

Responses

200

application/json

Success

  • application/jsonobject
GET /v1/identity-providers/.well-known/metadata.json 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/.well-known/metadata.json" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers/.well-known/metadata.json',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  

qlik identity-provider .well-known metadata.json

Response

{}

Get an IdP

Retrieves a specific IdP. Requesting user must be assigned the TenantAdmin role.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories manage

Path Parameters

  • idstring
    Required

    The identity provider ID.

Responses

200

application/json

Success

  • application/jsonobject
    One of:
    • BaseIDPobject

      An OIDC-compliant identity provider.

      Show BaseIDP properties
      • idstring

        The unique identifier for the IdP.

      • metaobject
      • activeboolean

        Indicates whether the IdP is available for use.

      • createdstring

        The timestamp for when the IdP was created.

        format = "date-time"

      • protocolstring

        The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

        Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers associated with the given IdP.

      • descriptionstring
      • interactiveboolean

        Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

      • lastUpdatedstring

        The timestamp for when the IdP was last updated.

        format = "date-time"

      • clockToleranceSecinteger
      • createNewUsersOnLoginboolean

        When the flag is true, new users should be created when logging in for the first time.

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

      • optionsobject
        Show options properties
        • realmstring

          The realm identifier for the IdP.

        • scopestring

          Scope that will be sent along with token requests to the IdP.

        • issuerstring

          This field is only used in Qlik Sense Enterprise Client-Managed IdPs.

        • clientIdstring

          The client identifier used as part of authenticating an interactive identity provider.

        • clientSecretstring

          The client secret used as part of authenticating an interactive identity provider.

        • discoveryUrlstring

          The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration).

        • claimsMappingobject

          Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings

            A list of JSON pointers used to map the user's subject.

          • namearray of strings

            A list of JSON pointers used to map the user's name.

          • emailarray of strings

            A list of JSON pointers used to map the user's email.

          • groupsarray of strings

            A list of JSON pointers used to map the user's groups.

          • localearray of strings

            A list of JSON pointers used to map the user's locale.

          • picturearray of strings

            A list of JSON pointers used to map the user's picture.

          • zoneinfoarray of strings

            A list of JSON pointers used to map the user's zoneinfo.

          • client_idarray of strings

            A list of JSON pointers used to map the user's client ID.

          • email_verifiedarray of strings

            A list of JSON pointers used to map the user's email_verified claim.
        • decryptingKeyobject

          A decrypting key used to decrypt OIDC encrypted assertions

          Show decryptingKey properties
          • jwksstring

            The public key in jwk format

          • keyIdstring

            The id of the decrypting key

          • keySizeinteger
            Required

            The algorithm size of the decrypting key

          • keyTypestring
            Required

            The algorithm type of the decrypting key

          • createdAtstring

            The timestamp for when the decrypting key was created.

            format = "date-time"

          • createdBystring

            The user id of the user who created the decrypting key

          • publicKeystring

            The public key in pem format

          • certificatestring

            The key's certificate in pem format
        • openid_configurationobject

          OpenID configuration

          Show openid_configuration properties
          • issuerstring
            Required

            OpenID Provider issuer

          • jwks_uristring
            Required

            URL of the OP's JSON Web Key Set [JWK] document

          • token_endpointstring
            Required

            OAuth 2.0 Token Endpoint

          • userinfo_endpointstring

            URL of the OP's UserInfo Endpoint

          • end_session_endpointstring

            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

          • authorization_endpointstring
            Required

            OAuth 2.0 Authorization Endpoint

          • introspection_endpointstring

            The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
        • blockOfflineAccessScopeboolean

          If true, the offline_access scope will not be requested from the IdP, where applicable.

        • emailVerifiedAlwaysTrueboolean

          Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
      • pendingStatestring

        The state of pendingOptions. This represents the latest IdP test result.

        Can be one of: "verified""pending""error"

      • pendingResultobject
        Show pendingResult properties
        • errorstring

          A unique readable error message based on the error that has occurred.

        • statusstring
          Required

          The status of the IdP configuration being tested.

          Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"

        • startedstring

          The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.

          format = "date-time"

        • protocolstring

          The protocol used to communicate with the IdP during the test flow.

          Can be one of: "OIDC""SAML"

        • idpClaimsobject

          The claims retrieved from the external IdP.

        • oauth2Errorobject
          Show oauth2Error properties
          • errorstring
            Required

            An error code to identity the authentication error.

          • errorURIstring

            An optional URI that includes additional information about the given error.

          • errorDescriptionstring

            An optional human-readable description for the given error code.
        • resultantClaimsobject

          The resultant claims based on the claims received from the external IdP.
      • pendingOptionsobject
        Show pendingOptions properties
        • realmstring

          The realm identifier for the IdP.

        • scopestring

          Scope that will be sent along with token requests to the IdP.

        • issuerstring

          This field is only used in Qlik Sense Enterprise Client-Managed IdPs.

        • clientIdstring

          The client identifier used as part of authenticating an interactive identity provider.

        • clientSecretstring

          The client secret used as part of authenticating an interactive identity provider.

        • discoveryUrlstring

          The OpenID configuration endpoint. (Ex: https:///.well-known/openid-configuration).

        • claimsMappingobject

          Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings

            A list of JSON pointers used to map the user's subject.

          • namearray of strings

            A list of JSON pointers used to map the user's name.

          • emailarray of strings

            A list of JSON pointers used to map the user's email.

          • groupsarray of strings

            A list of JSON pointers used to map the user's groups.

          • localearray of strings

            A list of JSON pointers used to map the user's locale.

          • picturearray of strings

            A list of JSON pointers used to map the user's picture.

          • zoneinfoarray of strings

            A list of JSON pointers used to map the user's zoneinfo.

          • client_idarray of strings

            A list of JSON pointers used to map the user's client ID.

          • email_verifiedarray of strings

            A list of JSON pointers used to map the user's email_verified claim.
        • decryptingKeyobject

          A decrypting key used to decrypt OIDC encrypted assertions

          Show decryptingKey properties
          • jwksstring

            The public key in jwk format

          • keyIdstring

            The id of the decrypting key

          • keySizeinteger
            Required

            The algorithm size of the decrypting key

          • keyTypestring
            Required

            The algorithm type of the decrypting key

          • createdAtstring

            The timestamp for when the decrypting key was created.

            format = "date-time"

          • createdBystring

            The user id of the user who created the decrypting key

          • publicKeystring

            The public key in pem format

          • certificatestring

            The key's certificate in pem format
        • openid_configurationobject

          OpenID configuration

          Show openid_configuration properties
          • issuerstring
            Required

            OpenID Provider issuer

          • jwks_uristring
            Required

            URL of the OP's JSON Web Key Set [JWK] document

          • token_endpointstring
            Required

            OAuth 2.0 Token Endpoint

          • userinfo_endpointstring

            URL of the OP's UserInfo Endpoint

          • end_session_endpointstring

            URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.

          • authorization_endpointstring
            Required

            OAuth 2.0 Authorization Endpoint

          • introspection_endpointstring

            The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
        • blockOfflineAccessScopeboolean

          If true, the offline_access scope will not be requested from the IdP, where applicable.

        • emailVerifiedAlwaysTrueboolean

          Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
    • BaseIDPobject

      A SAML-compliant identity provider.

      Show BaseIDP properties
      • idstring

        The unique identifier for the IdP.

      • metaobject
      • activeboolean

        Indicates whether the IdP is available for use.

      • createdstring

        The timestamp for when the IdP was created.

        format = "date-time"

      • protocolstring

        The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

        Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers associated with the given IdP.

      • descriptionstring
      • interactiveboolean

        Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

      • lastUpdatedstring

        The timestamp for when the IdP was last updated.

        format = "date-time"

      • clockToleranceSecinteger
      • createNewUsersOnLoginboolean

        When the flag is true, new users should be created when logging in for the first time.

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

      • optionsobject
        Show options properties
        • entityIdstring

          The entity URL for the SAML IdP.

        • signOnUrlstring

          The sign on URL for the SAML IdP.

        • signingKeysarray of objects

          Set of certificates used to sign SAMLRequest payloads. Not present in pendingOptions.

          Show signingKeys properties
          • refIdstring

            The reference ID for choosing this key pair.

          • certificatestring

            The certificate to be uploaded to the identity provider for verifying SAML requests.
        • certificatesarray of objects

          The certificates used for validating signed responses.

          Show certificates properties
          • namestring

            Given name for this certificate.

          • signatureboolean

            Indicates whether the certificate is used for the signature.

            default = true

          • encryptionboolean

            Indicates whether the certificate is used for encryption.

            default = false

          • certificatestring
            Required

            The X.509 certificate for validating signed SAML responses.
        • nameIdFormatstring

          The name identifier format that will be requested from the identity provider.

          Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

        • claimsMappingobject

          Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings
            Required

            A list of SAML attributes used to map the user's subject.

          • namearray of strings
            Required

            A list of SAML attributes used to map the user's name.

          • emailarray of strings
            Required

            A list of SAML attributes used to map the user's email.

          • groupsarray of strings
            Required

            A list of SAML attributes used to map the user's groups.

          • picturearray of strings
            Required

            A list of SAML attributes used to map the user's picture.
        • allowIdpInitiatedLoginboolean

          Toggle to allow IdP initated login by the SAML IdP.

        • signingKeySelectedRefIdstring

          The reference ID of the chosen signing key pair.
      • pendingStatestring

        The state of pendingOptions. This represents the latest IdP test result.

        Can be one of: "verified""pending""error"

      • pendingResultobject
        Show pendingResult properties
        • errorstring

          A unique readable error message based on the error that has occurred.

        • statusstring
          Required

          The status of the IdP configuration being tested.

          Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"

        • startedstring

          The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.

          format = "date-time"

        • protocolstring

          The protocol used to communicate with the IdP during the test flow.

          Can be one of: "OIDC""SAML"

        • idpClaimsobject

          The claims retrieved from the external IdP.

        • oauth2Errorobject
          Show oauth2Error properties
          • errorstring
            Required

            An error code to identity the authentication error.

          • errorURIstring

            An optional URI that includes additional information about the given error.

          • errorDescriptionstring

            An optional human-readable description for the given error code.
        • resultantClaimsobject

          The resultant claims based on the claims received from the external IdP.
      • pendingOptionsobject
        Show pendingOptions properties
        • entityIdstring

          The entity URL for the SAML IdP.

        • signOnUrlstring

          The sign on URL for the SAML IdP.

        • signingKeysarray of objects

          Set of certificates used to sign SAMLRequest payloads. Not present in pendingOptions.

          Show signingKeys properties
          • refIdstring

            The reference ID for choosing this key pair.

          • certificatestring

            The certificate to be uploaded to the identity provider for verifying SAML requests.
        • certificatesarray of objects

          The certificates used for validating signed responses.

          Show certificates properties
          • namestring

            Given name for this certificate.

          • signatureboolean

            Indicates whether the certificate is used for the signature.

            default = true

          • encryptionboolean

            Indicates whether the certificate is used for encryption.

            default = false

          • certificatestring
            Required

            The X.509 certificate for validating signed SAML responses.
        • nameIdFormatstring

          The name identifier format that will be requested from the identity provider.

          Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

        • claimsMappingobject

          Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.

          Show claimsMapping properties
          • subarray of strings
            Required

            A list of SAML attributes used to map the user's subject.

          • namearray of strings
            Required

            A list of SAML attributes used to map the user's name.

          • emailarray of strings
            Required

            A list of SAML attributes used to map the user's email.

          • groupsarray of strings
            Required

            A list of SAML attributes used to map the user's groups.

          • picturearray of strings
            Required

            A list of SAML attributes used to map the user's picture.
        • allowIdpInitiatedLoginboolean

          Toggle to allow IdP initated login by the SAML IdP.

        • signingKeySelectedRefIdstring

          The reference ID of the chosen signing key pair.
    • BaseIDPobject

      An identity provider for JWT authentication.

      Show BaseIDP properties
      • idstring

        The unique identifier for the IdP.

      • metaobject
      • activeboolean

        Indicates whether the IdP is available for use.

      • createdstring

        The timestamp for when the IdP was created.

        format = "date-time"

      • protocolstring

        The protocol to be used for communicating with the identity provider. Valid values are OIDC, SAML, jwtAuth, and qsefw-local-bearer-token.

        Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • tenantIdsarray of strings

        The tenant identifiers associated with the given IdP.

      • descriptionstring
      • interactiveboolean

        Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.

      • lastUpdatedstring

        The timestamp for when the IdP was last updated.

        format = "date-time"

      • clockToleranceSecinteger
      • createNewUsersOnLoginboolean

        When the flag is true, new users should be created when logging in for the first time.

      • postLogoutRedirectUristring

        Direct the user on logout to a specific URI.

      • optionsobject
        Show options properties
        • issuerstring

          The expected JWT issuer

        • staticKeysarray of objects
          Show staticKeys properties
          • kidstring

            Key ID used to sign the JWTs.

          • pemstring

            Pem-encoded public key for verifying the JWTs.

401

application/json

Unauthorized

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

404

application/json

Not Found

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
GET /v1/identity-providers/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/{id}" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers/{id}',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  

qlik identity-provider get <identity-providerId>

Response

{
  "id": "string",
  "meta": {},
  "active": true,
  "created": "2018-10-30T07:06:22Z",
  "protocol": "OIDC",
  "provider": "auth0",
  "tenantIds": [
    "string"
  ],
  "description": "string",
  "interactive": true,
  "lastUpdated": "2018-10-30T07:06:22Z",
  "clockToleranceSec": 42,
  "createNewUsersOnLogin": true,
  "postLogoutRedirectUri": "string",
  "options": {
    "realm": "string",
    "scope": "string",
    "issuer": "string",
    "clientId": "string",
    "clientSecret": "string",
    "discoveryUrl": "string",
    "claimsMapping": {
      "sub": [
        "string"
      ],
      "name": [
        "string"
      ],
      "email": [
        "string"
      ],
      "groups": [
        "string"
      ],
      "locale": [
        "string"
      ],
      "picture": [
        "string"
      ],
      "zoneinfo": [
        "string"
      ],
      "client_id": [
        "string"
      ],
      "email_verified": [
        "string"
      ]
    },
    "decryptingKey": {
      "jwks": "string",
      "keyId": "string",
      "keySize": 42,
      "keyType": "string",
      "createdAt": "2018-10-30T07:06:22Z",
      "createdBy": "string",
      "publicKey": "string",
      "certificate": "string"
    },
    "openid_configuration": {
      "issuer": "string",
      "jwks_uri": "string",
      "token_endpoint": "string",
      "userinfo_endpoint": "string",
      "end_session_endpoint": "string",
      "authorization_endpoint": "string",
      "introspection_endpoint": "string"
    },
    "blockOfflineAccessScope": true,
    "emailVerifiedAlwaysTrue": true
  },
  "pendingState": "verified",
  "pendingResult": {
    "error": "string",
    "status": "success",
    "started": "2018-10-30T07:06:22Z",
    "protocol": "OIDC",
    "idpClaims": {},
    "oauth2Error": {
      "error": "string",
      "errorURI": "string",
      "errorDescription": "string"
    },
    "resultantClaims": {}
  },
  "pendingOptions": {
    "realm": "string",
    "scope": "string",
    "issuer": "string",
    "clientId": "string",
    "clientSecret": "string",
    "discoveryUrl": "string",
    "claimsMapping": {
      "sub": [
        "string"
      ],
      "name": [
        "string"
      ],
      "email": [
        "string"
      ],
      "groups": [
        "string"
      ],
      "locale": [
        "string"
      ],
      "picture": [
        "string"
      ],
      "zoneinfo": [
        "string"
      ],
      "client_id": [
        "string"
      ],
      "email_verified": [
        "string"
      ]
    },
    "decryptingKey": {
      "jwks": "string",
      "keyId": "string",
      "keySize": 42,
      "keyType": "string",
      "createdAt": "2018-10-30T07:06:22Z",
      "createdBy": "string",
      "publicKey": "string",
      "certificate": "string"
    },
    "openid_configuration": {
      "issuer": "string",
      "jwks_uri": "string",
      "token_endpoint": "string",
      "userinfo_endpoint": "string",
      "end_session_endpoint": "string",
      "authorization_endpoint": "string",
      "introspection_endpoint": "string"
    },
    "blockOfflineAccessScope": true,
    "emailVerifiedAlwaysTrue": true
  }
}

Update an IdP

Updates the configuration of an IdP. Requesting user must be assigned the TenantAdmin role. Partial failure is treated as complete failure and returns an error.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories manage

Header Parameters

  • QLIK-IDP-POPTS-MATCHstring

    A unique string representing a hash that should map to an IdP's hash representation of the current configuration being tested.

    format = "uuid"

Path Parameters

  • idstring
    Required

    The identity provider ID.

Request Body

application/json

Attributes that the user wants to patially update for an identity provider resource.

  • application/jsonarray
    One of:
    • array of objects

      A patch request for an identity provider using the OIDC protocol.

      Show properties
      • opstring
        Required

        The "operation" to be performed on a given IdP. Currently supports a custom operation value called "promote-options" that allows the test configuration to be promoted to the current configuration used for login.

        Can be one of: "replace""promote-options"

      • pathstring

        The "path" to the part of the IdP document.

        Can be one of: "/active""/description""/meta""/options""/options/realm""/options/discoveryUrl""/options/claimsMapping""/pendingOptions""/pendingOptions/realm""/pendingOptions/discoveryUrl""/pendingOptions/clientId""/pendingOptions/clientSecret""/pendingOptions/emailVerifiedAlwaysTrue""/pendingOptions/claimsMapping""/postLogoutRedirectUri""/clockToleranceSec""/pendingOptions/idTokenSignatureAlg""/pendingOptions/decryptingKey"

      • valueany

        The "value" data type is dependent on the path value being used.
    • array of objects

      A patch request for an identity provider using the SAML protocol. Supports a custom operation value called promote-options that allows the test configuration (pendingOptions) to be promoted to the live configuration (options) used for login.'

      Show properties
      • opstring
        Required

        The "operation" to be performed on a given IdP.

        Can be one of: "replace""promote-options"

      • pathstring

        The "path" to the part of the IdP document.

        Can be one of: "/active""/description""/pendingOptions""/pendingOptions/nameIdFormat""/pendingOptions/allowIdpInitiatedLogin""/pendingOptions/entityId""/pendingOptions/signOnUrl""/pendingOptions/metadata""/pendingOptions/certificates""/pendingOptions/claimsMapping""/postLogoutRedirectUri""/clockToleranceSec"

      • valueany

        The "value" data type is dependent on the path value being used.
    • array of objects

      A patch request for an identity provider using the jwtAuth protocol.

      Show properties
      • opstring
        Required

        The "operation" to be performed on a given IdP.

        Can be one of: "replace"

      • pathstring

        The "path" to the part of the IdP document.

        Can be one of: "/description"

      • valueany

        The "value" data type is dependent on the path value being used.

Responses

204

Success

400

application/json

Bad request. Invalid request body, URL, or state transition.

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

401

application/json

Unauthorized

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

403

application/json

Access Denied. Only the edge-auth service or TenantAdmin user request can patch an IdP.

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

404

application/json

Not Found

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

412

application/json

Precondition Failed. Missing QLIK-IDP-OPTS-MATCH header, or value doesn't match against IdP test configuration value.

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

500

application/json

Internal server error, the operation failed unexpectedly

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
PATCH /v1/identity-providers/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/{id}" \
-X PATCH \
-H "Content-type: application/json" \
-H "Authorization: Bearer <access_token>" \
-d '[{"op":"replace","path":"/active"}]'

const https = require('https')
  const data = JSON.stringify([{"op":"replace","path":"/active"}])
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers/{id}',
    'method': 'PATCH',
    'headers': {
      'Content-type': 'application/json',
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  req.write(data)
  

qlik identity-provider patch jwtauth <identity-providerId> \
--body='[{"op":"replace","path":"/active"}]'

Request

[
  {
    "op": "replace",
    "path": "/active"
  }
]

Delete an IdP

Deletes an identity provider. Requesting user must be assigned the TenantAdmin role.

Facts

Rate limit Tier 2 (100 requests per minute)
Categories manage

Path Parameters

  • idstring
    Required

    The identity provider ID.

Responses

204

Success

400

application/json

Bad request. The interactive IdP for the tenant can't be deleted.

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

404

application/json

Not Found

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
DELETE /v1/identity-providers/{id} 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/{id}" \
-X DELETE \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers/{id}',
    'method': 'DELETE',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  

qlik identity-provider rm <identity-providerId>

Return active interactive IdP metadata

Retrieves default IdP metadata when no interactive IdP is enabled.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories manage

Responses

200

application/json

Success

  • application/jsonobject
    Show application/json properties
    • userPortalLinkstring

      A link to direct you to where you can manage your Qlik account. Only available if the default identity provider is used (no custom interactive identity providers are active).

    • upgradeSubscriptionLinkstring

      A link to direct you to where you can upgrade your trial or manage your subscriptions. Only available if the default identity provider is used (no custom interactive identity providers are active).

403

application/json

Forbidden

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

404

application/json

Not Found

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

500

application/json

Internal server error

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
GET /v1/identity-providers/me/meta 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/me/meta" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers/me/meta',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  

qlik identity-provider me meta

Response

{
  "userPortalLink": "string",
  "upgradeSubscriptionLink": "string"
}

List IdP statuses

Retrieves the status of all IdP configurations. Requires TenantAdmin role.

Facts

Rate limit Tier 1 (1000 requests per minute)
Categories manage

Responses

200

application/json

Success

  • application/jsonobject
    Show application/json properties
    • idps_metadataarray of objects

      A list of IdP metadata.

      Show idps_metadata properties
      • activeboolean

        Indicates whether the IdP is available for use.

      • providerstring

        The identity provider to be used. If protocol is OIDC, the valid values are auth0, okta, generic, salesforce, keycloak, adfs, and azureAD. If protocol is jwtAuth, the valid value is external.

        Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"

      • interactiveboolean

        Indicates whether the IdP is meant for interactive login.
    • active_interactive_idps_countnumber

      The number of active interactive IdPs.

403

application/json

Forbidden

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

404

application/json

Not Found

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.

500

application/json

Internal Server Error

A representation of the errors encountered from the HTTP request.

  • application/jsonobject

    A representation of the errors encountered from the HTTP request.

    Show application/json properties
    • errorsarray of objects

      An error object.

      Show errors properties
      • codestring
        Required

        The error code.

      • metaobject

        Additional properties relating to the error.

      • titlestring
        Required

        Summary of the problem.

      • detailstring

        A human-readable explanation specific to this occurrence of the problem.

      • sourceobject

        References to the source of the error.

        Show source properties
        • pointerstring

          A JSON pointer to the property that caused the error.

        • parameterstring

          The URI query parameter that caused the error.
      • statusnumber

        The HTTP status code.
GET /v1/identity-providers/status 
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/status" \
-H "Authorization: Bearer <access_token>"

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/api/v1/identity-providers/status',
    'method': 'GET',
    'headers': {
      'Authorization': 'Bearer <access_token>'
    }
  }
  const req = https.request(options)
  

qlik identity-provider status

Response

{
  "idps_metadata": [
    {
      "active": true,
      "provider": "auth0",
      "interactive": true
    }
  ],
  "active_interactive_idps_count": 42
}