This endpoint retrieves one or more identity providers from the service. The tenantID in the JWT will be used to fetch the identity provider.
Facts
Rate limit | Tier 1 (1000 requests per minute) |
Categories | externalmanage |
Query Parameters
- activeboolean
If provided, filters the results by the active field.
- limitnumber
The number of IdP entries to retrieve.
- nextstring
The next page cursor.
- prevstring
The previous page cursor.
Responses
200
application/json
Success
- application/jsonobject
application/json properties
- dataarray of objects
An array of IdPs.
One of:- BaseIDPobject
An OIDC-compliant identity provider.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope that will be sent along with token requests to the IdP.
- issuerstring
This field is only used in Qlik Sense Enterprise Client-Managed IdPs.
- clientIdstring
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstring
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). - claimsMappingobject
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- blockOfflineAccessScopeboolean
If true, the
offline_access
scope will not be requested from the IdP, where applicable. - emailVerifiedAlwaysTrueboolean
Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
-
- pendingStatestring
The state of pendingOptions. This represents the latest IdP test result.
Can be one of: "verified""pending""error"
- pendingResultobject
pendingResult properties
- errorstring
A unique readable error message based on the error that has occurred.
- statusstringRequired
The status of the IdP configuration being tested.
Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"
- startedstring
The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.
- protocolstring
The protocol used to communicate with the IdP during the test flow.
Can be one of: "OIDC""SAML"
- idpClaimsobject
The claims retrieved from the external IdP.
- oauth2Errorobject
oauth2Error properties
- errorstringRequired
An error code to identity the authentication error.
- errorURIstring
An optional URI that includes additional information about the given error.
- errorDescriptionstring
An optional human-readable description for the given error code.
-
- resultantClaimsobject
The resultant claims based on the claims received from the external IdP.
-
- pendingOptionsobject
pendingOptions properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope that will be sent along with token requests to the IdP.
- issuerstring
This field is only used in Qlik Sense Enterprise Client-Managed IdPs.
- clientIdstring
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstring
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). - claimsMappingobject
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- blockOfflineAccessScopeboolean
If true, the
offline_access
scope will not be requested from the IdP, where applicable. - emailVerifiedAlwaysTrueboolean
Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
-
-
- BaseIDPobject
A SAML-compliant identity provider.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- entityIdstring
The entity URL for the SAML IdP.
- signOnUrlstring
The sign on URL for the SAML IdP.
- signingKeysarray of objects
Set of certificates used to sign SAMLRequest payloads. Not present in
pendingOptions
.signingKeys properties
- refIdstring
The reference ID for choosing this key pair.
- certificatestring
The certificate to be uploaded to the identity provider for verifying SAML requests.
-
- certificatesarray of objects
The certificates used for validating signed responses.
certificates properties
- namestring
Given name for this certificate.
- signatureboolean
Indicates whether the certificate is used for the signature.
- encryptionboolean
Indicates whether the certificate is used for encryption.
- certificatestringRequired
The X.509 certificate for validating signed SAML responses.
-
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobject
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
- signingKeySelectedRefIdstring
The reference ID of the chosen signing key pair.
-
- pendingStatestring
The state of pendingOptions. This represents the latest IdP test result.
Can be one of: "verified""pending""error"
- pendingResultobject
pendingResult properties
- errorstring
A unique readable error message based on the error that has occurred.
- statusstringRequired
The status of the IdP configuration being tested.
Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"
- startedstring
The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.
- protocolstring
The protocol used to communicate with the IdP during the test flow.
Can be one of: "OIDC""SAML"
- idpClaimsobject
The claims retrieved from the external IdP.
- oauth2Errorobject
oauth2Error properties
- errorstringRequired
An error code to identity the authentication error.
- errorURIstring
An optional URI that includes additional information about the given error.
- errorDescriptionstring
An optional human-readable description for the given error code.
-
- resultantClaimsobject
The resultant claims based on the claims received from the external IdP.
-
- pendingOptionsobject
pendingOptions properties
- entityIdstring
The entity URL for the SAML IdP.
- signOnUrlstring
The sign on URL for the SAML IdP.
- signingKeysarray of objects
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobject
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
- signingKeySelectedRefIdstring
The reference ID of the chosen signing key pair.
-
-
- BaseIDPobject
An identity provider for JWT authentication.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- issuerstring
The expected JWT issuer
- staticKeysarray of objects
staticKeys properties
- kidstring
Key ID used to sign the JWTs.
- pemstring
Pem-encoded public key for verifying the JWTs.
-
-
-
-
- linksobject
Contains pagination links.
links properties
- nextobject
next properties
- hrefstring
Link to the next page of items.
-
- prevobject
prev properties
- hrefstring
Link to the previous page of items.
-
- selfobject
self properties
- hrefstring
Link to the current page of items.
-
-
-
404
application/json
Not Found
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers" \
-H "Authorization: Bearer <API-key>"
const https = require('https')
const data = JSON.stringify("")
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers',
'method': 'GET',
'headers': {
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
qlik identity-provider ls
Response
{
"data": [
{
"id": "string",
"meta": {},
"active": true,
"created": "2018-10-30T07:06:22Z",
"protocol": "OIDC",
"provider": "auth0",
"tenantIds": [
"string"
],
"description": "string",
"interactive": true,
"lastUpdated": "2018-10-30T07:06:22Z",
"clockToleranceSec": 42,
"createNewUsersOnLogin": true,
"postLogoutRedirectUri": "string",
"options": {
"realm": "string",
"scope": "string",
"issuer": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
},
"pendingState": "verified",
"pendingResult": {
"error": "string",
"status": "success",
"started": "2018-10-30T07:06:22Z",
"protocol": "OIDC",
"idpClaims": {},
"oauth2Error": {
"error": "string",
"errorURI": "string",
"errorDescription": "string"
},
"resultantClaims": {}
},
"pendingOptions": {
"realm": "string",
"scope": "string",
"issuer": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
}
}
],
"links": {
"next": {
"href": "string"
},
"prev": {
"href": "string"
},
"self": {
"href": "string"
}
}
}
This endpoint creates an identity provider resource. It returns a 201 Created when creation is successful with a header "QLIK-IDP-POPTS" (A unique string representing a hash of the current configuration being tested), returns a 403 Forbidden for a non TenantAdmin user JWT or if the tenantID in the JWT does not match with any of the tenantIDs in the payload. An IdP can be created with Pending Options or options depending whether the IdP is interactive or not.
Facts
Rate limit | Tier 2 (100 requests per minute) |
Categories | externalmanage |
Request Body
application/json
Attributes that the user wants to set for a new identity provider resource.
- application/jsonobjectOne of:
- CreateOIDCPayloadobject
Payload for creating an OIDC-compatible identity provider.
CreateOIDCPayload properties
- optionsobject
Required OIDC configurations for non-interactive IdPs and interactive IdPs with
skipVerify
flag enabled.options properties
- realmstring
The realm identifier for the IdP.
- audiencestring
Allows for setting audience in access tokens.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). Required if openid_configuration is not given. - claimsMappingobjectRequired
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
-
- allowedClientIdsarray of strings
Only clients with IDs in this list will be allowed API access. A blank list or empty value means any client IDs authenticated against the IdP will be allowed access.
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
-
- protocolstringRequired
The protocol to be used for communicating with the identity provider.
Can be one of: "OIDC"
- providerstringRequired
The identity provider to be used.
Can be one of: "auth0""okta""generic""salesforce""keycloak""adfs""azureAD"
- tenantIdsarray of strings
The tenant identifiers that map to the given IdP.
- skipVerifyboolean
If set to
true
, skips IdP verification process and assumes the IdP is verified. - descriptionstring
- interactivebooleanRequired
Indicates whether the IdP is meant for interactive login.
- pendingOptionsobject
Required OIDC configurations for interactive IdPs that require verification.
pendingOptions properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope which will be sent along with token requests to the IdP. Scopes should be space delimited. Will default to certain values depending on the IdP provider.
- clientIdstringRequired
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstringRequired
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). Required if openid_configuration is not given. - claimsMappingobjectRequired
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- useClaimsFromIdTokenboolean
If true, will use the claims from the ID token. By default it is set to true for ADFS and AzureAD.
- blockOfflineAccessScopeboolean
When true, the
offline_access
scope will not be requested from the IdP where applicable. - emailVerifiedAlwaysTrueboolean
Only ADFS and AzureAD IdPs can set this property. For ADFS and AzureAD, it defaults to false. For other IdPs, it defaults to undefined.
-
- clockToleranceSecinteger
There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.
- createNewUsersOnLoginboolean
Tells the consumer of the IdP that new users should be created on login if they don't exist.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
-
- CreateJWTAuthPayloadobject
Payload for creating an identity provider using JWT authentication.
CreateJWTAuthPayload properties
- optionsobjectRequired
Required IdP configurations.
options properties
- issuerstringRequired
The JWT issuer.
- staticKeysarray of objectsRequired
Keys for verifying JWTs. Limited to 1 key per identity provider.
staticKeys properties
- kidstringRequired
Key ID used to sign the JWTs.
- pemstringRequired
Pem-encoded public key for verifying the JWTs.
-
-
- protocolstringRequired
The protocol to be used for communicating with the identity provider.
Can be one of: "jwtAuth"
- providerstringRequired
The identity provider to be used.
Can be one of: "external"
- tenantIdsarray of strings
The tenant identifiers that map to the given IdP.
- descriptionstring
- clockToleranceSecinteger
There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.
-
- CreateSAMLPayloadobject
Payload for creating a SAML compatible identity provider.
CreateSAMLPayload properties
- optionsobject
Required SAML configurations for IdPs with
skipVerify
flag enabled.options properties
- entityIdstring
The entity ID for the SAML IdP. Required if metadata is not provided.
- metadataobject
Metadata for the SAML IdP. Required if individual SAML parameters are not provided.
metadata properties
- rawstringRequired
The IDP metadata XML in base64-encoded format.
-
- signOnUrlstring
The sign on URL for the SAML IdP. Required if metadata is not provided.
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobjectRequired
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
-
- protocolstringRequired
The protocol to be used for communicating with the identity provider.
Can be one of: "SAML"
- providerstringRequired
The identity provider to be used.
Can be one of: "okta""generic""adfs""azureAD"
- tenantIdsarray of strings
The tenant identifiers that map to the given IdP.
- skipVerifyboolean
If set to
true
, skips IdP verification process and assumes the IdP is verified. - descriptionstring
- interactivebooleanRequired
Indicates whether the IdP is meant for interactive login. Must be true for SAML IdPs.
- pendingOptionsobject
Required configurations for SAML IdPs that require verification.
pendingOptions properties
- entityIdstring
The entity ID for the SAML IdP. Required if metadata is not provided.
- metadataobject
Metadata for the SAML IdP. Required if individual SAML parameters are not provided.
metadata properties
- rawstringRequired
The IDP metadata XML in base64-encoded format.
-
- signOnUrlstring
The sign on URL for the SAML IdP. Required if metadata is not provided.
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobjectRequired
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
-
- clockToleranceSecinteger
There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.
- createNewUsersOnLoginboolean
Tells the consumer of the IdP that new users should be created on login if they don't exist.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
-
-
Responses
201
application/json
Created
- application/jsonobjectOne of:
- BaseIDPobject
An OIDC-compliant identity provider.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope that will be sent along with token requests to the IdP.
- issuerstring
This field is only used in Qlik Sense Enterprise Client-Managed IdPs.
- clientIdstring
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstring
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). - claimsMappingobject
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- blockOfflineAccessScopeboolean
If true, the
offline_access
scope will not be requested from the IdP, where applicable. - emailVerifiedAlwaysTrueboolean
Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
-
- pendingStatestring
The state of pendingOptions. This represents the latest IdP test result.
Can be one of: "verified""pending""error"
- pendingResultobject
pendingResult properties
- errorstring
A unique readable error message based on the error that has occurred.
- statusstringRequired
The status of the IdP configuration being tested.
Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"
- startedstring
The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.
- protocolstring
The protocol used to communicate with the IdP during the test flow.
Can be one of: "OIDC""SAML"
- idpClaimsobject
The claims retrieved from the external IdP.
- oauth2Errorobject
oauth2Error properties
- errorstringRequired
An error code to identity the authentication error.
- errorURIstring
An optional URI that includes additional information about the given error.
- errorDescriptionstring
An optional human-readable description for the given error code.
-
- resultantClaimsobject
The resultant claims based on the claims received from the external IdP.
-
- pendingOptionsobject
pendingOptions properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope that will be sent along with token requests to the IdP.
- issuerstring
This field is only used in Qlik Sense Enterprise Client-Managed IdPs.
- clientIdstring
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstring
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). - claimsMappingobject
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- blockOfflineAccessScopeboolean
If true, the
offline_access
scope will not be requested from the IdP, where applicable. - emailVerifiedAlwaysTrueboolean
Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
-
-
- BaseIDPobject
A SAML-compliant identity provider.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- entityIdstring
The entity URL for the SAML IdP.
- signOnUrlstring
The sign on URL for the SAML IdP.
- signingKeysarray of objects
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobject
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
- signingKeySelectedRefIdstring
The reference ID of the chosen signing key pair.
-
- pendingStatestring
The state of pendingOptions. This represents the latest IdP test result.
Can be one of: "verified""pending""error"
- pendingResultobject
pendingResult properties
- errorstring
A unique readable error message based on the error that has occurred.
- statusstringRequired
The status of the IdP configuration being tested.
Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"
- startedstring
The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.
- protocolstring
The protocol used to communicate with the IdP during the test flow.
Can be one of: "OIDC""SAML"
- idpClaimsobject
The claims retrieved from the external IdP.
- oauth2Errorobject
oauth2Error properties
- errorstringRequired
An error code to identity the authentication error.
- errorURIstring
An optional URI that includes additional information about the given error.
- errorDescriptionstring
An optional human-readable description for the given error code.
-
- resultantClaimsobject
The resultant claims based on the claims received from the external IdP.
-
- pendingOptionsobject
pendingOptions properties
- entityIdstring
The entity URL for the SAML IdP.
- signOnUrlstring
The sign on URL for the SAML IdP.
- signingKeysarray of objects
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobject
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
- signingKeySelectedRefIdstring
The reference ID of the chosen signing key pair.
-
-
- BaseIDPobject
An identity provider for JWT authentication.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- issuerstring
The expected JWT issuer
- staticKeysarray of objects
staticKeys properties
- kidstring
Key ID used to sign the JWTs.
- pemstring
Pem-encoded public key for verifying the JWTs.
-
-
-
-
400
application/json
Bad Request
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
403
application/json
Forbidden
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers" \
-X POST \
-H "Content-type: application/json" \
-H "Authorization: Bearer <API-key>" \
-d '{"options":{"realm":"string","audience":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"client_id":["string"]},"allowedClientIds":["string"],"openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"}},"protocol":"OIDC","provider":"auth0","tenantIds":["string"],"skipVerify":false,"description":"string","interactive":false,"pendingOptions":{"realm":"string","scope":"string","clientId":"string","clientSecret":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"name":["string"],"email":["string"],"groups":["string"],"locale":["string"],"picture":["string"],"zoneinfo":["string"],"client_id":["string"],"email_verified":["string"]},"openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"},"useClaimsFromIdToken":true,"blockOfflineAccessScope":true,"emailVerifiedAlwaysTrue":true},"clockToleranceSec":5,"createNewUsersOnLogin":true,"postLogoutRedirectUri":"string"}'
const https = require('https')
const data = JSON.stringify({"options":{"realm":"string","audience":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"client_id":["string"]},"allowedClientIds":["string"],"openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"}},"protocol":"OIDC","provider":"auth0","tenantIds":["string"],"skipVerify":false,"description":"string","interactive":false,"pendingOptions":{"realm":"string","scope":"string","clientId":"string","clientSecret":"string","discoveryUrl":"string","claimsMapping":{"sub":["string"],"name":["string"],"email":["string"],"groups":["string"],"locale":["string"],"picture":["string"],"zoneinfo":["string"],"client_id":["string"],"email_verified":["string"]},"openid_configuration":{"issuer":"string","jwks_uri":"string","token_endpoint":"string","userinfo_endpoint":"string","end_session_endpoint":"string","authorization_endpoint":"string","introspection_endpoint":"string"},"useClaimsFromIdToken":true,"blockOfflineAccessScope":true,"emailVerifiedAlwaysTrue":true},"clockToleranceSec":5,"createNewUsersOnLogin":true,"postLogoutRedirectUri":"string"})
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers',
'method': 'POST',
'headers': {
'Content-type': 'application/json',
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
req.write(data)
qlik identity-provider create jwtauth \
--clockToleranceSec="5" \
--description="string" \
--protocol="OIDC" \
--provider="auth0" \
--tenantIds='"string"'
Request
{
"options": {
"realm": "string",
"audience": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"client_id": [
"string"
]
},
"allowedClientIds": [
"string"
],
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
}
},
"protocol": "OIDC",
"provider": "auth0",
"tenantIds": [
"string"
],
"skipVerify": false,
"description": "string",
"interactive": false,
"pendingOptions": {
"realm": "string",
"scope": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"useClaimsFromIdToken": true,
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
},
"clockToleranceSec": 5,
"createNewUsersOnLogin": true,
"postLogoutRedirectUri": "string"
}
Response
{
"id": "string",
"meta": {},
"active": true,
"created": "2018-10-30T07:06:22Z",
"protocol": "OIDC",
"provider": "auth0",
"tenantIds": [
"string"
],
"description": "string",
"interactive": true,
"lastUpdated": "2018-10-30T07:06:22Z",
"clockToleranceSec": 42,
"createNewUsersOnLogin": true,
"postLogoutRedirectUri": "string",
"options": {
"realm": "string",
"scope": "string",
"issuer": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
},
"pendingState": "verified",
"pendingResult": {
"error": "string",
"status": "success",
"started": "2018-10-30T07:06:22Z",
"protocol": "OIDC",
"idpClaims": {},
"oauth2Error": {
"error": "string",
"errorURI": "string",
"errorDescription": "string"
},
"resultantClaims": {}
},
"pendingOptions": {
"realm": "string",
"scope": "string",
"issuer": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
}
}
This endpoint retrieves identity providers' metadata.
Facts
Rate limit | Tier 1 (1000 requests per minute) |
Categories | externalmanage |
Responses
200
application/json
Success
- application/jsonobject
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/.well-known/metadata.json" \
-H "Authorization: Bearer <API-key>"
const https = require('https')
const data = JSON.stringify("")
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers/.well-known/metadata.json',
'method': 'GET',
'headers': {
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
qlik identity-provider .well-known metadata.json
Response
{}
This endpoint is used to retrieve an identity provider from the service. It returns a valid 200 OK response when the IdP exists and the user (TenantAdmin) or service (edge-auth) is authorized to view the contents. Additionally, returns a header "QLIK-IDP-POPTS" (A unique string representing a hash of the current configuration being tested). It returns a 404 Not Found if the criteria is not met.
Facts
Rate limit | Tier 1 (1000 requests per minute) |
Categories | externalmanage |
Path Parameters
- idstringRequired
The identity provider ID.
Responses
200
application/json
Success
- application/jsonobjectOne of:
- BaseIDPobject
An OIDC-compliant identity provider.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope that will be sent along with token requests to the IdP.
- issuerstring
This field is only used in Qlik Sense Enterprise Client-Managed IdPs.
- clientIdstring
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstring
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). - claimsMappingobject
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- blockOfflineAccessScopeboolean
If true, the
offline_access
scope will not be requested from the IdP, where applicable. - emailVerifiedAlwaysTrueboolean
Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
-
- pendingStatestring
The state of pendingOptions. This represents the latest IdP test result.
Can be one of: "verified""pending""error"
- pendingResultobject
pendingResult properties
- errorstring
A unique readable error message based on the error that has occurred.
- statusstringRequired
The status of the IdP configuration being tested.
Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"
- startedstring
The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.
- protocolstring
The protocol used to communicate with the IdP during the test flow.
Can be one of: "OIDC""SAML"
- idpClaimsobject
The claims retrieved from the external IdP.
- oauth2Errorobject
oauth2Error properties
- errorstringRequired
An error code to identity the authentication error.
- errorURIstring
An optional URI that includes additional information about the given error.
- errorDescriptionstring
An optional human-readable description for the given error code.
-
- resultantClaimsobject
The resultant claims based on the claims received from the external IdP.
-
- pendingOptionsobject
pendingOptions properties
- realmstring
The realm identifier for the IdP.
- scopestring
Scope that will be sent along with token requests to the IdP.
- issuerstring
This field is only used in Qlik Sense Enterprise Client-Managed IdPs.
- clientIdstring
The client identifier used as part of authenticating an interactive identity provider.
- clientSecretstring
The client secret used as part of authenticating an interactive identity provider.
- discoveryUrlstring
The OpenID configuration endpoint. (Ex: https://
/.well-known/openid-configuration). - claimsMappingobject
Mappings from claim name to an array of JSON pointers that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of strings
A list of JSON pointers used to map the user's subject.
- namearray of strings
A list of JSON pointers used to map the user's name.
- emailarray of strings
A list of JSON pointers used to map the user's email.
- groupsarray of strings
A list of JSON pointers used to map the user's groups.
- localearray of strings
A list of JSON pointers used to map the user's locale.
- picturearray of strings
A list of JSON pointers used to map the user's picture.
- zoneinfoarray of strings
A list of JSON pointers used to map the user's zoneinfo.
- client_idarray of strings
A list of JSON pointers used to map the user's client ID.
- email_verifiedarray of strings
A list of JSON pointers used to map the user's email_verified claim.
-
- openid_configurationobject
OpenID configuration
openid_configuration properties
- issuerstringRequired
OpenID Provider issuer
- jwks_uristringRequired
URL of the OP's JSON Web Key Set [JWK] document
- token_endpointstringRequired
OAuth 2.0 Token Endpoint
- userinfo_endpointstring
URL of the OP's UserInfo Endpoint
- end_session_endpointstring
URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
- authorization_endpointstringRequired
OAuth 2.0 Authorization Endpoint
- introspection_endpointstring
The introspection endpoint is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON [RFC7159] document representing the meta information.
-
- blockOfflineAccessScopeboolean
If true, the
offline_access
scope will not be requested from the IdP, where applicable. - emailVerifiedAlwaysTrueboolean
Determines if email_verified should be always true. This field is only used in ADFS and AzureAD IdPs.
-
-
- BaseIDPobject
A SAML-compliant identity provider.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- entityIdstring
The entity URL for the SAML IdP.
- signOnUrlstring
The sign on URL for the SAML IdP.
- signingKeysarray of objects
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobject
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
- signingKeySelectedRefIdstring
The reference ID of the chosen signing key pair.
-
- pendingStatestring
The state of pendingOptions. This represents the latest IdP test result.
Can be one of: "verified""pending""error"
- pendingResultobject
pendingResult properties
- errorstring
A unique readable error message based on the error that has occurred.
- statusstringRequired
The status of the IdP configuration being tested.
Can be one of: "success""pending""error""claimsError""callbackError""tokenError""protocolError""networkError""configChangedDuringTestError"
- startedstring
The timestamp for when the test was started for an IdP configuration. This field is only available during lifespan of the test.
- protocolstring
The protocol used to communicate with the IdP during the test flow.
Can be one of: "OIDC""SAML"
- idpClaimsobject
The claims retrieved from the external IdP.
- oauth2Errorobject
oauth2Error properties
- errorstringRequired
An error code to identity the authentication error.
- errorURIstring
An optional URI that includes additional information about the given error.
- errorDescriptionstring
An optional human-readable description for the given error code.
-
- resultantClaimsobject
The resultant claims based on the claims received from the external IdP.
-
- pendingOptionsobject
pendingOptions properties
- entityIdstring
The entity URL for the SAML IdP.
- signOnUrlstring
The sign on URL for the SAML IdP.
- signingKeysarray of objects
- certificatesarray of objects
- nameIdFormatstring
The name identifier format that will be requested from the identity provider.
Can be one of: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress""urn:oasis:names:tc:SAML:2.0:nameid-format:persistent""urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- claimsMappingobject
Mappings from claim name to an array of SAML attribute names that point to locations in the claims from the IdP to retrieve the value from.
claimsMapping properties
- subarray of stringsRequired
A list of SAML attributes used to map the user's subject.
- namearray of stringsRequired
A list of SAML attributes used to map the user's name.
- emailarray of stringsRequired
A list of SAML attributes used to map the user's email.
- groupsarray of stringsRequired
A list of SAML attributes used to map the user's groups.
- picturearray of stringsRequired
A list of SAML attributes used to map the user's picture.
-
- allowIdpInitiatedLoginboolean
Toggle to allow IdP initated login by the SAML IdP.
- signingKeySelectedRefIdstring
The reference ID of the chosen signing key pair.
-
-
- BaseIDPobject
An identity provider for JWT authentication.
BaseIDP properties
- idstring
The unique identifier for the IdP.
- metaobject
- activeboolean
Indicates whether the IdP is available for use.
- createdstring
The timestamp for when the IdP was created.
- protocolstring
The protocol to be used for communicating with the identity provider. Valid values are
OIDC
,SAML
,jwtAuth
, andqsefw-local-bearer-token
.Can be one of: "OIDC""SAML""jwtAuth""qsefw-local-bearer-token"
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- tenantIdsarray of strings
The tenant identifiers associated with the given IdP.
- descriptionstring
- interactiveboolean
Indicates the type of connection with the IdP, either interactive login or a machine to machine connection.
- lastUpdatedstring
The timestamp for when the IdP was last updated.
- clockToleranceSecinteger
- createNewUsersOnLoginboolean
When the flag is true, new users should be created when logging in for the first time.
- postLogoutRedirectUristring
Direct the user on logout to a specific URI.
- optionsobject
options properties
- issuerstring
The expected JWT issuer
- staticKeysarray of objects
staticKeys properties
- kidstring
Key ID used to sign the JWTs.
- pemstring
Pem-encoded public key for verifying the JWTs.
-
-
-
-
401
application/json
Unauthorized
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
404
application/json
Not Found
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/{id}" \
-H "Authorization: Bearer <API-key>"
const https = require('https')
const data = JSON.stringify("")
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers/{id}',
'method': 'GET',
'headers': {
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
qlik identity-provider get <identity-providerId>
Response
{
"id": "string",
"meta": {},
"active": true,
"created": "2018-10-30T07:06:22Z",
"protocol": "OIDC",
"provider": "auth0",
"tenantIds": [
"string"
],
"description": "string",
"interactive": true,
"lastUpdated": "2018-10-30T07:06:22Z",
"clockToleranceSec": 42,
"createNewUsersOnLogin": true,
"postLogoutRedirectUri": "string",
"options": {
"realm": "string",
"scope": "string",
"issuer": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
},
"pendingState": "verified",
"pendingResult": {
"error": "string",
"status": "success",
"started": "2018-10-30T07:06:22Z",
"protocol": "OIDC",
"idpClaims": {},
"oauth2Error": {
"error": "string",
"errorURI": "string",
"errorDescription": "string"
},
"resultantClaims": {}
},
"pendingOptions": {
"realm": "string",
"scope": "string",
"issuer": "string",
"clientId": "string",
"clientSecret": "string",
"discoveryUrl": "string",
"claimsMapping": {
"sub": [
"string"
],
"name": [
"string"
],
"email": [
"string"
],
"groups": [
"string"
],
"locale": [
"string"
],
"picture": [
"string"
],
"zoneinfo": [
"string"
],
"client_id": [
"string"
],
"email_verified": [
"string"
]
},
"openid_configuration": {
"issuer": "string",
"jwks_uri": "string",
"token_endpoint": "string",
"userinfo_endpoint": "string",
"end_session_endpoint": "string",
"authorization_endpoint": "string",
"introspection_endpoint": "string"
},
"blockOfflineAccessScope": true,
"emailVerifiedAlwaysTrue": true
}
}
This endpoint patches an identity provider from the service. It returns a valid 204 when the IdP is patched. Only an edge-auth service request or a user with the role of TenantAdmin can patch an associated IdP. Partial failure is treated as complete failure and returns an error.
Facts
Rate limit | Tier 2 (100 requests per minute) |
Categories | externalmanage |
Header Parameters
- QLIK-IDP-POPTS-MATCHstring
A unique string representing a hash that should map to an IdP's hash representation of the current configuration being tested.
Path Parameters
- idstringRequired
The identity provider ID.
Request Body
application/json
Attributes that the user wants to patially update for an identity provider resource.
- application/jsonarrayOne of:
- array of objects
A patch request for an identity provider using the
OIDC
protocol.properties
- opstringRequired
The "operation" to be performed on a given IdP. Currently supports a custom operation value called "promote-options" that allows the test configuration to be promoted to the current configuration used for login.
Can be one of: "replace""promote-options"
- pathstring
The "path" to the part of the IdP document.
Can be one of: "/active""/description""/meta""/options""/options/realm""/options/discoveryUrl""/options/claimsMapping""/pendingOptions""/pendingOptions/realm""/pendingOptions/discoveryUrl""/pendingOptions/clientId""/pendingOptions/clientSecret""/pendingOptions/emailVerifiedAlwaysTrue""/pendingOptions/claimsMapping""/postLogoutRedirectUri""/clockToleranceSec"
- valueany
The "value" data type is dependent on the path value being used.
-
- array of objects
A patch request for an identity provider using the
SAML
protocol. Supports a custom operation value calledpromote-options
that allows the test configuration (pendingOptions
) to be promoted to the live configuration (options
) used for login.'properties
- opstringRequired
The "operation" to be performed on a given IdP.
Can be one of: "replace""promote-options"
- pathstring
The "path" to the part of the IdP document.
Can be one of: "/active""/description""/pendingOptions""/pendingOptions/nameIdFormat""/pendingOptions/allowIdpInitiatedLogin""/pendingOptions/entityId""/pendingOptions/signOnUrl""/pendingOptions/metadata""/pendingOptions/certificates""/pendingOptions/claimsMapping""/postLogoutRedirectUri""/clockToleranceSec"
- valueany
The "value" data type is dependent on the path value being used.
-
- array of objects
A patch request for an identity provider using the
jwtAuth
protocol.properties
- opstringRequired
The "operation" to be performed on a given IdP.
Can be one of: "replace"
- pathstring
The "path" to the part of the IdP document.
Can be one of: "/description"
- valueany
The "value" data type is dependent on the path value being used.
-
-
Responses
204
Success
400
application/json
Bad request. Invalid request body, URL, or state transition.
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
401
application/json
Unauthorized
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
403
application/json
Access Denied. Only the edge-auth service or TenantAdmin user request can patch an IdP.
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
404
application/json
Not Found
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
412
application/json
Precondition Failed. Missing QLIK-IDP-OPTS-MATCH header, or value doesn't match against IdP test configuration value.
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
500
application/json
Internal server error, the operation failed unexpectedly
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/{id}" \
-X PATCH \
-H "Content-type: application/json" \
-H "Authorization: Bearer <API-key>" \
-d '[{"op":"replace","path":"/active"}]'
const https = require('https')
const data = JSON.stringify([{"op":"replace","path":"/active"}])
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers/{id}',
'method': 'PATCH',
'headers': {
'Content-type': 'application/json',
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
req.write(data)
qlik identity-provider patch jwtauth <identity-providerId> \
--body='[{"op":"replace","path":"/active"}]'
Request
[
{
"op": "replace",
"path": "/active"
}
]
This endpoint deletes an identity provider from the service. It returns a valid 204 when the IdP is deleted. Only a user with the role of TenantAdmin and tenant access can delete an associated IdP. Edge-auth service can also delete.
Facts
Rate limit | Tier 2 (100 requests per minute) |
Categories | externalmanage |
Path Parameters
- idstringRequired
The identity provider ID.
Responses
204
Success
400
application/json
Bad request. The interactive IdP for the tenant can't be deleted.
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
404
application/json
Not Found
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/{id}" \
-X DELETE \
-H "Authorization: Bearer <API-key>"
const https = require('https')
const data = JSON.stringify("")
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers/{id}',
'method': 'DELETE',
'headers': {
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
qlik identity-provider rm <identity-providerId>
This endpoint retrieves IdP metadata.
Facts
Rate limit | Tier 1 (1000 requests per minute) |
Categories | externalmanage |
Responses
200
application/json
Success
- application/jsonobject
application/json properties
- userPortalLinkstring
A link to direct you to where you can manage your Qlik account. Only available if the default identity provider is used (no custom interactive identity providers are active).
- upgradeSubscriptionLinkstring
A link to direct you to where you can upgrade your trial or manage your subscriptions. Only available if the default identity provider is used (no custom interactive identity providers are active).
-
403
application/json
Forbidden
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
404
application/json
Not Found
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
500
application/json
Internal server error
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/me/meta" \
-H "Authorization: Bearer <API-key>"
const https = require('https')
const data = JSON.stringify("")
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers/me/meta',
'method': 'GET',
'headers': {
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
qlik identity-provider me meta
Response
{
"userPortalLink": "string",
"upgradeSubscriptionLink": "string"
}
This endpoint retrieves the status of IdP configurations. Requires TenantAdmin role.
Facts
Rate limit | Tier 1 (1000 requests per minute) |
Categories | externalmanage |
Responses
200
application/json
Success
- application/jsonobject
application/json properties
- idps_metadataarray of objects
A list of IdP metadata.
idps_metadata properties
- activeboolean
Indicates whether the IdP is available for use.
- providerstring
The identity provider to be used. If protocol is
OIDC
, the valid values areauth0
,okta
,generic
,salesforce
,keycloak
,adfs
, andazureAD
. If protocol isjwtAuth
, the valid value isexternal
.Can be one of: "auth0""okta""qlik""generic""salesforce""keycloak""adfs""external""azureAD"
- interactiveboolean
Indicates whether the IdP is meant for interactive login.
-
- active_interactive_idps_countnumber
The number of active interactive IdPs.
-
403
application/json
Forbidden
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
404
application/json
Not Found
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
500
application/json
Internal Server Error
A representation of the errors encountered from the HTTP request.
- application/jsonobject
A representation of the errors encountered from the HTTP request.
application/json properties
- errorsarray of objects
-
curl "https://your-tenant.us.qlikcloud.com/api/v1/identity-providers/status" \
-H "Authorization: Bearer <API-key>"
const https = require('https')
const data = JSON.stringify("")
const options = {
'hostname': 'https://your-tenant.us.qlikcloud.com',
'port': 443,
'path': '/api/v1/identity-providers/status',
'method': 'GET',
'headers': {
'Authorization': 'Bearer <API-key>'
}
}
const req = https.request(options)
qlik identity-provider status
Response
{
"idps_metadata": [
{
"active": true,
"provider": "auth0",
"interactive": true
}
],
"active_interactive_idps_count": 42
}