identity-provider create saml
qlik identity-provider create saml
Create a new IdP
Synopsis
Creates a new IdP on a tenant. The requesting user must be assigned the TenantAdmin role. For non-interactive IdPs (e.g. JWT), the IdP must be created by sending the options payload. For interactive IdPs (e.g. SAML or OIDC), send the pendingOptions payload to require the interactive verification step, or send the options payload with skipVerify set to true to skip the validation step and make the IdP immediately available.
qlik identity-provider create saml [flags]
Options
--clockToleranceSec int There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.
--createNewUsersOnLogin Tells the consumer of the IdP that new users should be created on login if they don't exist.
--description string Payload for creating a SAML compatible identity provider.
-f, --file string Reads request from a file
-h, --help help for saml
--interactive Indicates whether the IdP is meant for interactive login. Must be true for SAML IdPs.
--interval int Duration in seconds to wait between retries, at least 1 (default 1)
--options-allowIdpInitiatedLogin Toggle to allow IdP-initiated login by the SAML IdP.
--options-certificates string The certificates used for validating signed responses. Required if metadata is not provided. (JSON array)
Array of JSON-objects with the fields:
"certificate" - The X.509 certificate for validating signed SAML responses. (string)
"encryption" - Indicates whether the certificate is used for encryption. (boolean)
"name" - Given name for this certificate. (string)
"signature" - Indicates whether the certificate is used for the signature. (boolean)
Required fields: certificate
Example value: [{"certificate":"abc","encryption":true,"name":"abc","signature":true}] (default "[]")
--options-claimsMapping-email strings A list of SAML attributes used to map the user's email.
--options-claimsMapping-groups strings A list of SAML attributes used to map the user's groups.
--options-claimsMapping-name strings A list of SAML attributes used to map the user's name.
--options-claimsMapping-picture strings A list of SAML attributes used to map the user's picture.
--options-claimsMapping-sub strings A list of SAML attributes used to map the user's subject.
--options-entityId string The entity ID for the SAML IdP. Required if metadata is not provided.
--options-metadata-raw string The IDP metadata XML in base64-encoded format.
--options-nameIdFormat string The name identifier format that will be requested from the identity provider.
--options-signOnUrl string The sign on URL for the SAML IdP. Required if metadata is not provided.
--pendingOptions-allowIdpInitiatedLogin Toggle to allow IdP-initiated login by the SAML IdP.
--pendingOptions-certificates string The certificates used for validating signed responses. Required if metadata is not provided. (JSON array)
Array of JSON-objects with the fields:
"certificate" - The X.509 certificate for validating signed SAML responses. (string)
"encryption" - Indicates whether the certificate is used for encryption. (boolean)
"name" - Given name for this certificate. (string)
"signature" - Indicates whether the certificate is used for the signature. (boolean)
Required fields: certificate
Example value: [{"certificate":"abc","encryption":true,"name":"abc","signature":true}] (default "[]")
--pendingOptions-claimsMapping-email strings A list of SAML attributes used to map the user's email.
--pendingOptions-claimsMapping-groups strings A list of SAML attributes used to map the user's groups.
--pendingOptions-claimsMapping-name strings A list of SAML attributes used to map the user's name.
--pendingOptions-claimsMapping-picture strings A list of SAML attributes used to map the user's picture.
--pendingOptions-claimsMapping-sub strings A list of SAML attributes used to map the user's subject.
--pendingOptions-entityId string The entity ID for the SAML IdP. Required if metadata is not provided.
--pendingOptions-metadata-raw string The IDP metadata XML in base64-encoded format.
--pendingOptions-nameIdFormat string The name identifier format that will be requested from the identity provider.
--pendingOptions-signOnUrl string The sign on URL for the SAML IdP. Required if metadata is not provided.
--postLogoutRedirectUri string Direct the user on logout to a specific URI.
--protocol string The protocol to be used for communicating with the identity provider.
--provider string The identity provider to be used.
-q, --quiet Return only IDs from the command
--raw Return original response from server without any processing
--retry int Number of retries to do before failing, max 10
--skipVerify If set to `true`, skips IdP verification process and assumes the IdP is verified.
--tenantIds strings The tenant identifiers that map to the given IdP.
Options inherited from parent commands
-c, --config string path/to/config.yml where parameters can be set instead of on the command line
--context string Name of the context used when connecting to Qlik Associative Engine
--headers stringToString HTTP headers to use when connecting to Qlik Associative Engine (default [])
--insecure Enabling insecure will make it possible to connect using self-signed certificates
--json Returns output in JSON format, if possible. Disables verbose and traffic output
-s, --server string URL to Qlik Cloud or directly to a Qlik Associative Engine
--server-type string The type of server you are using: cloud, Windows (Enterprise on Windows) or engine
-v, --verbose Log extra information
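A pre-flight check for the rules stated in the synopsis and option descriptions above, as an added example that is not part of qlik-cli or its documentation. `lint_saml_create` (a hypothetical helper, as are `_has` and `_add`) takes the arguments planned for `qlik identity-provider create saml` and reports settings that bypass verification or relax certificate checks, plus fields that are required when no metadata is supplied. It inspects only long flags given on the command line, not a request passed with `--file`.

```shell
# Added example: lint the long flags planned for
# `qlik identity-provider create saml` before running the command.
# lint_saml_create, _has and _add are hypothetical helpers, not part of qlik-cli.

_has() { case "$_seen" in *" $1 "*) return 0 ;; *) return 1 ;; esac; }
_add() { _findings="$_findings$1
"; }

lint_saml_create() {
  _seen=" "; _findings=""
  # Collect the names of all long flags; a boolean given as =false counts as unset.
  for _arg in "$@"; do
    case "$_arg" in
      --*) [ "${_arg#*=}" = false ] && continue
           _name=${_arg%%=*}; _seen="$_seen${_name#--} " ;;
    esac
  done

  _has skipVerify && _add "REVIEW: --skipVerify skips IdP verification; the IdP is available immediately"
  _has insecure && _add "REVIEW: --insecure allows connecting with self-signed certificates"

  for _p in options pendingOptions; do
    # Only check a payload that at least one flag refers to.
    case "$_seen" in *" $_p-"*) ;; *) continue ;; esac
    _has "$_p-allowIdpInitiatedLogin" &&
      _add "REVIEW: --$_p-allowIdpInitiatedLogin allows IdP-initiated login"
    # certificates, entityId and signOnUrl are required unless metadata is provided.
    if ! _has "$_p-metadata-raw"; then
      for _f in certificates entityId signOnUrl; do
        _has "$_p-$_f" || _add "ERROR: --$_p-$_f is required when --$_p-metadata-raw is absent"
      done
    fi
  done
  printf '%s' "$_findings"
}
```

Pass it the same argument list intended for the real command and treat any `ERROR` line as a reason not to run it; `REVIEW` lines mark choices that should be deliberate.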