Adding users to Qlik Cloud
The individual who creates the tenant is the service account owner. If you are the service account owner, you are also the first tenant administrator and the only user with access to the tenant. Add more users by sending email invitations or configure an identity provider.
You can add users by configuring an identity provider (IdP), or by sending individual email invitations, but not both. However, when you switch from using the invite option to using an identity provider configuration, the invite option will remain available until the identity provider has been activated.
Adding users with an identity provider
If you have an IdP, you can create an IdP configuration under Identity provider in the Management Console.
To set up an identity provider, see Identity providers.
Adding users with email invitations
To send an email invitation, you must be a tenant administrator. You can invite users to join the tenant by sending email invitations from the Users pane in the Management Console or from your User profile menu. In the invitation window, you can list multiple email addresses separated by a comma or a space. When the user receives the email invitation, they can join the tenant by clicking a link in the email. The link is valid for a limited period. It redirects the user to a registration page.
You can see the invitation status under Users > All users in the Management Console. Select Pending invites in the dropdown list to the left or select Pending invites in the Status column. Hover over the invite to see the expiry date. Invites that have expired are shown in red in the table. When the user has registered, the status changes to active. If needed, you can resend or delete the invitation. If you delete the invitation, the user cannot register, even if the link has not expired.
Adding a user by email invitation
Do the following:
- In the Management Console, go to Users and click Invite.
Enter the email addresses of the users that you want to invite, and then click Invite.Information note
You can delete an invitation from the Management Console.
The invited users are listed in the table in the Users pane.
Managing users in the Management Console
When users are added to the tenant, they are listed under Users > All users in the Management Console.
You can search for users by name, email, user ID, or IdP subject. The search on user ID and IdP subject must be an exact match. Hover over the information icon in the Name column to see user ID and IdP subject. The IdP subject field can be used for distinguishing one user from another if the names are identical and the email field is not visible.
For each user in the table, click to open a menu where you can assign and remove security roles, change user entitlement, activate or disable users, revoke mobile access if it has been granted, and delete users.
If you change a user's entitlement from Basic User to Full User, make sure that you also assign them the appropriate roles. Similarly, if you change entitlement from Full User to Basic User, you need to remove any roles from the user that would trigger an automatic upgrade. For more information, see Managing user entitlements.
Each user has a status depending on whether they are a fully registered user, a user who has been invited but not yet registered, or a user who has been disabled. You can select a status to filter by in the dropdown list.
|Active||The user is fully registered. They can user the product according to their assigned roles. For more information about roles and permissions, see Assigning security roles.|
The user entitlement is removed. The user cannot access their account or use the product. All alerts owned by the user will be disabled.
|Provisioned||The user is provisioned by the SCIM connector but has not yet registered. You can assign roles to groups of provisioned users and add the groups to spaces. For more information, see Provisioning users and groups using SCIM.|
|The user is invited but has not yet registered. A user ID is created but no entitlement has been assigned.|
The user has been assigned an entitlement to their IdP subject from the license service. The user has not yet registered, and no user ID has been created.
The user is invited to the tenant, but the number of users exceeds the limit in the subscription. The user does not have access to the product until the administrator either adds more user entitlements or removes access for other users, which frees up the entitlements for the requested users. For more information , see Managing users in status Requested.
Deleting a user from the tenant
You can delete active users or pending users from the Users section of the Management Console. Deleting an active user frees up a user entitlement that can be assigned to another user. Deleting a pending user removes the user record from the system, and they won't be able to register through the email invitation. You can only delete one user at a time.
Deleting a user
Do the following:
In the Management Console, open the Users section.
In the row for the user to be deleted, click the button to the far right.
Select Delete to delete an existing user or Delete invitation to delete an invitee.
Confirm the deletion.
What happens when you delete a user
Deleting a user has several implications beyond simply removing their entry from the users section of the Management Console. This section provides more detail about what happens to user information, data, and account information when a user is deleted.
What happens to user information of deleted users
When you delete a registered tenant user, all personally identifiable information is removed. In the Management Console, in the Users section, the Status column shows either Active or Disabled for a registered user. If a user is deleted while logged in to the tenant, the user session is invalidated.
What happens to a deleted user who is part of an IdP
When using your own identity provider, invalidating the user session does not prevent the deleted user from logging in again. If they attempt to do so, a new tenant user record is created. To prevent the user from logging in, they need to first be removed from the identity provider. If you have configured your own identity provider, you can remove the user yourself.
What happens to the Qlik Account of a deleted user
Users with a Qlik Account cannot log in after being deleted from the tenant without being invited again. Removing a user from a tenant does not remove the user from Qlik Account.
What happens to unowned data
When a user is deleted, their spaces and apps no longer have an owner. The content associated with the user is not deleted. A tenant admin can assign new owners to spaces previously owned by the user. In the Spaces section of the Management Console, there is a button for changing owners.
Results of deleting an active or disabled user:
- User is no longer available in the tenant.
- API keys for the deleted user are revoked.
- User allocation is freed up for reassignment.
- Spaces now need the owner reassigned.
- Apps no longer have an owner.
- If the user is the owner of a reload schedule, another user has to take ownership of the reload schedule (or create a new one), or the scheduled reloads will fail.
- Management Console audit logs contain details of the deleted user event.
- Notifications are deleted.
- Alerts owned by the user are deleted.