mgranillo
Specialist

Passing Multiple Roles via the User API (Okta Integration)

Does the users API support sending multiple roles on a user create post call? The documentation only shows an example with one name in assignedRoles.  

8 Replies
Levi_Turner
Employee

Sure. Example body:

{
  "name": "John Smith",
  "email": "john.smith@corp.example",
  "picture": "https://corp.example/docs/jsmith.png",
  "subject": "1234asdasa6789",
  "assignedRoles": [
    {
      "name": "Developer"
    },
    {
      "name": "TenantAdmin"
    }
  ]
}
mgranillo
Specialist
Author

@Levi_Turner thanks for the response. Do you know if the role ID is required in the post call?

Levi_Turner
Employee

No, just the role name. The above call results in this:

[Image: Levi_Turner_0-1708721393818.png]

 

(the other roles are auto-assigned by the system, which is optional, of course).

mgranillo
Specialist
Author

@Levi_Turner I was taking a closer look at the image you sent and noticed a lot of roles showing in the permissions overview. Why does the permissions overview not just say "tenant admin" and "developer"? There are lots of other permissions listed like "autoML contributor" and "automation creator", etc. Are those defaults for every user?

Levi_Turner
Employee

For this tenant? Yes. We've set it up so that everyone who logs in gets those roles.

[Image: Levi_Turner_0-1709653371912.png]

You're obviously able to change that to your requirements.

mgranillo
Specialist
Author

@Levi_Turner sorry for one more question. We're getting a 403 error: 

The traceId for the error in the JSON body returned:

a2e44e1bdbf445f5d676197e063dc385

Can you provide any guidance on a root cause of this type of error? Where could we be missing permissions?

Levi_Turner
Employee

403 is a post-authentication denial for permission reasons, so your user (who created the API key or the OAuth identity) isn't authorized to perform this action.
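
Added example, not part of the thread and not Qlik's code: a Python sketch that builds the multi-role body shown earlier from a list of IdP role names and reads the traceId out of a 401/403 reply. The role allowlist, the `/api/v1/users` path, the Bearer header, the function names and the sample response are assumptions made for illustration.

```python
import json
import urllib.request

# Assumption: roles the IdP mapping may hand out (not taken from the thread).
ALLOWED_ROLES = {"Developer", "TenantAdmin"}

def build_user_body(name, email, subject, role_names, allowed=ALLOWED_ROLES):
    """Return the user-create body with one assignedRoles entry per role name."""
    roles = []
    for role in role_names:
        role = role.strip()
        if role not in allowed:
            raise ValueError(f"role not on allowlist: {role!r}")
        if role not in roles:  # drop duplicates from overlapping IdP groups
            roles.append(role)
    return {
        "name": name,
        "email": email,
        "subject": subject,
        "assignedRoles": [{"name": r} for r in roles],  # names only, no role IDs
    }

def build_request(base_url, api_key, body):
    """Prepare (but do not send) the POST; path and Bearer scheme are assumptions."""
    return urllib.request.Request(
        f"{base_url}/api/v1/users",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )

def describe_failure(status, body_text):
    """Classify an error reply and pull out the traceId for a support case."""
    try:
        trace_id = json.loads(body_text).get("traceId")
    except (ValueError, TypeError, AttributeError):
        trace_id = None  # body was not a JSON object
    if status == 401:
        kind = "authentication failed: check the API key or OAuth token"
    elif status == 403:
        kind = "authenticated but not authorized: check the caller's own roles"
    else:
        kind = "other error"
    return {"status": status, "kind": kind, "traceId": trace_id}

# Constructed sample response body (not a real tenant reply).
SAMPLE_403 = '{"traceId": "00000000000000000000000000000000"}'
```
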

mgranillo
Specialist
Author

@Levi_Turner we decided to manage roles in the QMC and not send roles from Okta.  Management falls to the Qlik admin instead of our access team but that's okay for us. Thanks for your comments on this post.