Create an organization-level OAuth2 client
In this tutorial, you learn how to create an organization-level OAuth2 client. Organization-level OAuth clients enable you to access tenant information and perform operations across all tenants in your subscriptions without needing separate credentials for each region or tenant.
An organization-level OAuth client is useful when you need to:
- List tenants across multiple subscriptions and regions
Only the Service Account Owner (SAO) of a subscription can create and manage organization-level OAuth clients.
Comparison with other OAuth client types
Qlik Cloud supports three different OAuth client types at different tiers:
| Client Type | Scope | Use Case | Managed By |
|---|---|---|---|
| Organization-level | All tenants across all subscriptions and regions | Access tenant information across your organization | SAO |
| Region-level | All tenants in a specific region (single subscription) | Multi-tenant management within a region | SAO |
| Tenant-level | Single tenant | Tenant-specific applications and operations | Tenant administrator |
Prerequisites
- Service Account Owner (SAO) role for your subscription
- At least one existing subscription
Create an organization-level OAuth2 client
- In a web browser, go to https://console.qlikcloud.com/admin/oauth. You’ll be prompted to sign in with your service account owner (SAO) credentials.
- Click Create.
- Enter a name for the OAuth client. Use a descriptive name that identifies the purpose of this client.
- (Optional) Add a description to document what this client is used for.
- Click Create.
- The system generates and displays a client ID and client secret. You will use these credentials to authenticate your applications:
  - Click to copy the client ID. You can retrieve this ID later from the context menu for the OAuth client.
  - Click Copy secret to copy the client secret.

  The client secret is displayed only once during creation. You will not be able to access it again after closing this dialog. Treat it like a password and do not expose it in source code, repositories, or logs.
- Click Close.
Using your organization-level OAuth client
After creating your OAuth client, you can use the client ID and secret to request an access token and authenticate to the Organization REST APIs, which allow you to:
- List and query tenants across all subscriptions and regions in your organization
- Access organization-level tenant metadata and subscription IDs
Organization-level APIs use a different endpoint than tenant APIs. They target the organization endpoint at https://console.qlikcloud.com instead of a specific tenant hostname.
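The following is an added example, not Qlik's own code. It shows one way to apply the handling rules above in a Python client: the secret is read from the environment, scrubbed from log output, and only ever sent to the organization endpoint over HTTPS. The environment variable names and the function and class names are hypothetical.

```python
import logging
import os
from urllib.parse import urlsplit

ORG_ENDPOINT_HOST = "console.qlikcloud.com"  # organization endpoint named on this page


class SecretRedactor(logging.Filter):
    """Scrub the client secret from every record passing through a handler."""

    def __init__(self, secret: str):
        super().__init__()
        self._secret = secret

    def filter(self, record: logging.LogRecord) -> bool:
        message = record.getMessage()  # message with its %-args merged in
        if self._secret in message:
            record.msg = message.replace(self._secret, "[REDACTED]")
            record.args = None
        return True  # keep the record, now scrubbed


def load_org_client(env=os.environ):
    """Read the credentials from the environment, never from source code.

    QLIK_ORG_CLIENT_ID and QLIK_ORG_CLIENT_SECRET are hypothetical names.
    """
    client_id = env.get("QLIK_ORG_CLIENT_ID", "")
    secret = env.get("QLIK_ORG_CLIENT_SECRET", "")
    if not client_id or not secret:
        raise RuntimeError("organization OAuth client credentials are not set")
    return client_id, secret


def assert_org_endpoint(url: str) -> str:
    """Permit sending the org-level secret only to the organization endpoint."""
    parts = urlsplit(url)
    if (parts.scheme != "https" or parts.hostname != ORG_ENDPOINT_HOST
            or parts.port not in (None, 443)):
        raise ValueError(f"refusing to send organization credentials to {url!r}")
    return url
```

Attach `SecretRedactor` to each logging handler with `handler.addFilter(...)` so records from every logger that reaches the handler are scrubbed, and call `assert_org_endpoint` on the request URL before any call that carries the secret.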
For step-by-step instructions on making your first API call with your new OAuth client, see Get started with organization APIs.
To learn more about organization APIs and their capabilities, see the Organization REST APIs overview.