identity-provider create saml
qlik identity-provider create saml
Create a new IdP
Synopsis
Creates a new IdP on a tenant. The requesting user must be assigned the TenantAdmin role. For non-interactive IdPs (e.g. JWT), the IdP must be created by sending the options payload. For interactive IdPs (e.g. SAML or OIDC), send the pendingOptions payload to require the interactive verification step, or send the options payload with skipVerify set to true to skip the validation step and make the IdP immediately available.
qlik identity-provider create saml [flags]
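Added example (not from the Qlik documentation): a shell wrapper for the interactive-verification path described in the synopsis. It base64-encodes the IdP metadata XML for --pendingOptions-metadata-raw, rejects --skipVerify and --options-* flags, and prints the command unless DRY_RUN=0. The names create_saml_idp and DRY_RUN, the sample metadata and the attribute name "mail" are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Qlik's code. Builds a `qlik identity-provider create saml`
# call that goes through interactive verification (pendingOptions-* flags only).

# create_saml_idp METADATA_XML_FILE [extra flags...]
# create_saml_idp and DRY_RUN are hypothetical names used for this example.
create_saml_idp() {
    if [ $# -lt 1 ] || [ ! -r "$1" ]; then
        echo "usage: create_saml_idp METADATA_XML_FILE [flags]" >&2
        return 1
    fi
    metadata_file=$1
    shift

    # The options payload with skipVerify makes the IdP available without the
    # verification step, so this wrapper rejects both kinds of flag.
    for arg in "$@"; do
        case $arg in
            --skipVerify*|--options-*)
                echo "refusing $arg: use pendingOptions-* so the IdP is verified first" >&2
                return 2 ;;
        esac
    done

    # --pendingOptions-metadata-raw takes the metadata XML base64-encoded;
    # strip the line wrapping that base64 adds.
    metadata_b64=$(base64 < "$metadata_file" | tr -d '\n')

    set -- qlik identity-provider create saml --interactive \
        --pendingOptions-metadata-raw "$metadata_b64" "$@"

    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"      # show the command instead of running it
    else
        "$@"
    fi
}

# Constructed sample input; real metadata is exported from the IdP.
sample=$(mktemp)
printf '%s' '<EntityDescriptor entityID="https://idp.example.test/saml"/>' > "$sample"
create_saml_idp "$sample" --pendingOptions-claimsMapping-email mail
rm -f "$sample"
```

Set DRY_RUN=0 to execute the command; any further flags from the Options list, such as --tenantIds, are passed through unchanged.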
Options
      --clockToleranceSec int   There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.
      --createNewUsersOnLogin   Tells the consumer of the IdP that new users should be created on login if they don't exist.
      --description string   Payload for creating a SAML compatible identity provider.
  -f, --file string   Reads request from a file
  -h, --help   help for saml
      --interactive   Indicates whether the IdP is meant for interactive login. Must be true for SAML IdPs.
      --interval int   Duration in seconds to wait between retries, at least 1 (default 1)
      --options-allowIdpInitiatedLogin   Toggle to allow IdP initiated login by the SAML IdP.
      --options-certificates string   The certificates used for validating signed responses. Required if metadata is not provided. (JSON array)
            Array of JSON-objects with the fields:
            "certificate" - The X.509 certificate for validating signed SAML responses. (string)
            "encryption" - Indicates whether the certificate is used for encryption. (boolean)
            "name" - Given name for this certificate. (string)
            "signature" - Indicates whether the certificate is used for the signature. (boolean)
            Required fields: certificate
            Example value: [{"certificate":"abc","encryption":true,"name":"abc","signature":true}] (default "[]")
      --options-claimsMapping-email strings   A list of SAML attributes used to map the user's email.
      --options-claimsMapping-groups strings   A list of SAML attributes used to map the user's groups.
      --options-claimsMapping-name strings   A list of SAML attributes used to map the user's name.
      --options-claimsMapping-picture strings   A list of SAML attributes used to map the user's picture.
      --options-claimsMapping-sub strings   A list of SAML attributes used to map the user's subject.
      --options-entityId string   The entity ID for the SAML IdP. Required if metadata is not provided.
      --options-metadata-raw string   The IDP metadata XML in base64-encoded format.
      --options-nameIdFormat string   The name identifier format that will be requested from the identity provider.
      --options-signOnUrl string   The sign on URL for the SAML IdP. Required if metadata is not provided.
      --pendingOptions-allowIdpInitiatedLogin   Toggle to allow IdP initiated login by the SAML IdP.
      --pendingOptions-certificates string   The certificates used for validating signed responses. Required if metadata is not provided. (JSON array)
            Array of JSON-objects with the fields:
            "certificate" - The X.509 certificate for validating signed SAML responses. (string)
            "encryption" - Indicates whether the certificate is used for encryption. (boolean)
            "name" - Given name for this certificate. (string)
            "signature" - Indicates whether the certificate is used for the signature. (boolean)
            Required fields: certificate
            Example value: [{"certificate":"abc","encryption":true,"name":"abc","signature":true}] (default "[]")
      --pendingOptions-claimsMapping-email strings   A list of SAML attributes used to map the user's email.
      --pendingOptions-claimsMapping-groups strings   A list of SAML attributes used to map the user's groups.
      --pendingOptions-claimsMapping-name strings   A list of SAML attributes used to map the user's name.
      --pendingOptions-claimsMapping-picture strings   A list of SAML attributes used to map the user's picture.
      --pendingOptions-claimsMapping-sub strings   A list of SAML attributes used to map the user's subject.
      --pendingOptions-entityId string   The entity ID for the SAML IdP. Required if metadata is not provided.
      --pendingOptions-metadata-raw string   The IDP metadata XML in base64-encoded format.
      --pendingOptions-nameIdFormat string   The name identifier format that will be requested from the identity provider.
      --pendingOptions-signOnUrl string   The sign on URL for the SAML IdP. Required if metadata is not provided.
      --postLogoutRedirectUri string   Direct the user on logout to a specific URI.
      --protocol string   The protocol to be used for communicating with the identity provider.
      --provider string   The identity provider to be used.
  -q, --quiet   Return only IDs from the command
      --raw   Return original response from server without any processing
      --retry int   Number of retries to do before failing, max 10
      --skipVerify   If set to true, skips IdP verification process and assumes the IdP is verified.
      --tenantIds strings   The tenant identifiers that map to the given IdP.
Options inherited from parent commands
  -c, --config string   path/to/config.yml where parameters can be set instead of on the command line
      --context string   Name of the context used when connecting to Qlik Associative Engine
      --headers stringToString   HTTP headers to use when connecting to Qlik Associative Engine (default [])
      --insecure   Enabling insecure will make it possible to connect using self-signed certificates
      --json   Returns output in JSON format, if possible. Disables verbose and traffic output
  -s, --server string   URL to Qlik Cloud or directly to a Qlik Associative Engine
      --server-type string   The type of server you are using: cloud, Windows (Enterprise on Windows) or engine
  -v, --verbose   Log extra information