Create identity providers
Example creation requests
These examples illustrate how to create identity providers. To learn more, review the Identity providers API specification or Identity providers on Qlik Help.
Note: You will need to update the examples on this page to match your identity provider configuration, in particular, the fields you intend to map into claims.
JWT
JWT IdP
Create a JWT IdP. Note that the pem
must be on a single line without any line breaks
(the displayed example has been shortened).
For information on how to do this manually, review the tutorial Create Signed Tokens for JWT Authorization.
curl --location "https://mytenant.eu.qlikcloud.com/api/v1/identity-providers" ^
--header "Content-Type: application/json" ^
--header "Authorization: Bearer <ACCESS_TOKEN>" ^
--data "{
\"tenantIds\": [
\"BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo\"
],
\"provider\": \"external\",
\"protocol\": \"jwtAuth\",
\"interactive\": false,
\"active\": true,
\"description\": \"Auth for my web app\",
\"options\": {
\"jwtLoginEnabled\": true,
\"issuer\": \"myorganization.com\",
\"staticKeys\": [
{
\"pem\": \"-----BEGIN CERTIFICATE-----MIIFwzCCA6ugAwIBAgIUY2166Gzw/yzoXgTTXogqjWeWsCUwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ0wCwYDVQQKDARRbGlrMQ0wCwYDVQQLDARRbGlrMQ0wCwYDVQQDDARRbGlrMRMwEQYJKoZIhvcNAQkBFgRRbGlrMB4XDTIyMDUxODEzMzMx-----END CERTIFICATE-----\",
\"kid\": \"myorganization20240205\"
}
]
}
}"
To create this using the Create JWT Identity Provider
block in the Qlik Platform
Operations connector in Qlik Application Automation, copy and paste this code into a workspace
to add the block:
{"blocks":[{"id":"4D668B90-65CD-46C6-9DE5-047B597CBAAF","type":"EndpointBlock","disabled":false,"name":"CreateJWTIdentityProvider","displayName":"Qlik Platform Operations - Create JWT Identity Provider","comment":"","childId":null,"inputs":[{"id":"a4444590-1fb9-11ed-bd30-956b614a1313","value":"mytenant.eu.qlikcloud.com","type":"string","structure":{}},{"id":"b6137520-1fbd-11ed-b178-73e57788c51f","value":"-----BEGIN CERTIFICATE-----MIIFwzCCA6ugAwIBAgIUY2166Gzw/yzoXgTTXogqjWeWsCUwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMQ0wCwYDVQQKDARRbGlrMQ0wCwYDVQQLDARRbGlrMQ0wCwYDVQQDDARRbGlrMRMwEQYJKoZIhvcNAQkBFgRRbGlrMB4XDTIyMDUxODEzMzMx-----END CERTIFICATE-----","type":"longtext","structure":{}},{"id":"be815d80-1fbd-11ed-8b5f-7dd058ec3767","value":"myorganization20240205","type":"string","structure":{}},{"id":"5d63fa10-1fbe-11ed-9033-5f8daf6b2b4e","value":"myorganization.com","type":"string","structure":{}},{"id":"38f81ad0-9cc0-11ed-a6c7-89c189cfbe31","value":"Auth for my web app","type":"string","structure":{}},{"id":"443172a0-9cc0-11ed-b12b-755bd4ec9f2f","value":null,"type":"string","structure":{}}],"settings":[{"id":"datasource","value":"cccc14a0-d233-11ed-b0d0-33e7e8bc635b","type":"select","structure":{}},{"id":"blendr_on_error","value":"stop","type":"select","structure":{}},{"id":"automations_censor_data","value":false,"type":"checkbox","structure":{}}],"collapsed":[{"name":"loop","isCollapsed":false}],"x":-753,"y":100,"datasourcetype_guid":"c7e48240-e0f2-11ec-ada1-d5ef75014b77","endpoint_guid":"a42eaaf0-1fb9-11ed-91f8-355a98a8e3f6","endpoint_role":"create"}],"variables":[]}
OIDC
Microsoft Entra ID (Azure AD - non-SCIM)
Creates an interactive OIDC IdP for Microsoft Entra ID (Azure AD). Ensure that the mapped claims match the desired values from your IdP.
For information on how to do this manually, review How To: Configure Qlik Sense Enterprise SaaS to use Azure AD as an IdP.
curl --location "https://mytenant.eu.qlikcloud.com/api/v1/identity-providers" ^
--header "Content-Type: application/json" ^
--header "Authorization: Bearer <ACCESS_TOKEN>" ^
--header "Accept: application/json" ^
--data "{
\"tenantIds\": [
\"BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo\"
],
\"provider\": \"azureAD\",
\"protocol\": \"OIDC\",
\"interactive\": true,
\"Options\": {
\"discoveryUrl\": \"https://login.microsoftonline.com/c21eeb5f-f5a6-44e8-a997-123f2f7a123c/v2.0/.well-known/openid-configuration\",
\"clientId\": \"76d2ce8f-630b-4e5a-904b-a0d6a53aabc2\",
\"clientSecret\": \"thisisyourappregistrationsecret\",
\"realm\": \"mydomain\",
\"claimsMapping\": {
\"client_id\": [
\"client_id\"
],
\"email\": [
\"email\"
],
\"groups\": [
\"groups\"
],
\"name\": [
\"name\"
],
\"picture\": [
\"picture\"
],
\"sub\": [
\"sub\"
]
},
\"emailVerifiedAlwaysTrue\": true,
\"useClaimsFromIdToken\": true,
\"blockOfflineAccessScope\": false
},
\"description\": \"Azure AD deployed via API call\",
\"skipVerify\": true
}"
To create this using the Create OIDC Identity Provider
block in the Qlik Platform
Operations connector in Qlik Application Automation, copy and paste this code into a workspace
to add the block:
{"blocks":[{"id":"2E0FA0FC-3E53-4FE2-8E8F-0D12C937AA19","type":"EndpointBlock","disabled":false,"name":"CreateInteractiveIdentityProvider","displayName":"Qlik Platform Operations - Create Interactive Identity Provider","comment":"","childId":"4D668B90-65CD-46C6-9DE5-047B597CBAAF","inputs":[{"id":"73f441c0-1fc2-11ed-8591-5f09098e0d84","value":"mytenant.eu.qlikcloud.com","type":"string","structure":{}},{"id":"1f5641f0-1fc6-11ed-95e1-e5b91a91e8d9","value":"azureAD","type":"string","structure":{}},{"id":"74262860-1fc2-11ed-b3a2-f38dfe17f29d","value":"https://login.microsoftonline.com/c21eeb5f-f5a6-44e8-a997-123f2f7a123c/v2.0/.well-known/openid-configuration","type":"string","structure":{}},{"id":"7813e6a0-1fc6-11ed-850f-fbd8bf087080","value":"76d2ce8f-630b-4e5a-904b-a0d6a53aabc2","type":"string","structure":{}},{"id":"83dbdca0-1fc6-11ed-b7e9-cf844ebe61cf","value":"thisisyourappregistrationsecret","type":"string","structure":{}},{"id":"30836510-1fc6-11ed-a560-9174ff134e41","value":"Azure AD deployed via API call","type":"string","structure":{}},{"id":"42699cb0-1fc6-11ed-b630-3f767948dcd6","value":"4854c0e0-1fc6-11ed-b910-1d264b935638","type":"select","displayValue":"true","structure":{}},{"id":"a6e4a3c0-1fc6-11ed-97ec-f5a6e3101608","value":"mydomain","type":"string","structure":{}},{"id":"fd76d6e0-1fcb-11ed-b7a0-793303a38143","value":"05214ae0-1fcc-11ed-94db-e5bdf7818efc","type":"select","displayValue":"true","structure":{}}],"settings":[{"id":"datasource","value":"cccc14a0-d233-11ed-b0d0-33e7e8bc635b","type":"select","structure":{}},{"id":"blendr_on_error","value":"stop","type":"select","structure":{}},{"id":"automations_censor_data","value":false,"type":"checkbox","structure":{}}],"collapsed":[{"name":"loop","isCollapsed":false}],"x":-349,"y":153,"datasourcetype_guid":"c7e48240-e0f2-11ec-ada1-d5ef75014b77","endpoint_guid":"73d15050-1fc2-11ed-8977-a90e9b97955a","endpoint_role":"create"}],"variables":[]}
Note that if you intend to customize the claim mappings in Qlik Application
Automation, you need to use the Raw API Request
block.