Skip to main content

Management console

The management console is used for managing licenses, user assignments, manage spaces, themes, and extensions in cloud editions of Qlik Sense. The management console should not be confused with the Qlik Management Console (QMC), which is used for managing Qlik Sense Enterprise on Windows. Only users with Tenant Admin role have access to the management console.

You access the management console by adding /console to your tenant address: https://<your tenant address>/console, or by using the navigation link Administration under user profile in the hub.

Currently, the management console supports a fully enabled Qlik Cloud Services deployment, or a single deployment of Qlik Sense Enterprise on Kubernetes.

Here you can find an overview of the main sections that compose the management console.


The license/user allocation section has three tabs: Overview, Assigned users, and License key.


Overview shows basic information about the license. In the Overview tab you can also add a license if needed.

License item Description

Consumed: number of users with professional access.

Total: Total availability of professional access.


Consumed: number of users with analyzer access.

Total: Total availability of analyzer access.

Analyzer capacity (minutes)

Consumed: amount of minutes spent.

Total: Total amount of minutes available per month. Overage is required after the total amount has been spent.

Overage. Overage can either be limited, to the amount stated, or unlimited.

For more information about analyzer capacity, see Analyzer capacity license.

Expires Date of license expiration.


Shared spaces Consumed: number of shared spaces.

Quota limit: Quota limit can either be limited, to the amount stated, or unlimited.

In-memory app size Maximum app memory size.

Assigned users

Assigned users shows information about users and license types. There are also buttons for removing assignments and assigning analyzer or professional access.

License item Description
Name Name of user.
User ID Unique ID for the user.
IdP subject User identifier in the identity provider (IdP). This value is needed when adding new users from the IdP user database.
License License type assigned to the user: professional, analyzer, or analyzer capacity (also known as analyzer time).

When the number of allocated assignments is larger than defined by the license, some users will be excluded. The users will then no longer have access to the hub or the management console. The Status column for the users will show Excluded. Those who most recently were assigned access will be excluded. They will remain excluded until the number of allocations matches the number defined by the license. If more access assignments are made available, or if the admin removes access for others, access will be reallocated to excluded users.

See also:

Assigning access to users

License key

In the License key tab you can change a license if needed. To change the license: paste the license key in the text box and click Submit.


The users page displays all the users that have logged into the tenant. If a user has a certain role (tenant admin), it is displayed in the roles field.

Use the search to find users. Use the buttons for assigning and removing tenant admins. For each user in the table, you also have a button to the far right where you can assign and remove the tenant admin role.

User status

The following are the available user statuses.

Status Description Status can be changed to
active User is fully registered and can consume according to the assigned license. disabled
disabled User license is removed and that user cannot access their account or use the product. active


The spaces section has two tabs:

  • Overview shows the current number of shared and managed spaces, and the creation date of the latest space.
  • Spaces shows a table with space name, space type, space owner, description of the space, and the space creation date. You also have buttons for deleting a space, changing the owner, editing the space, and creating a new space.

The following are the space types:

  • Personal spaces: In personal spaces, only the owner can edit apps, that is, you cannot co-develop in personal spaces. You can share apps outside your space, but only for viewing.
  • Shared spaces: Shared spaces allow for easy co-development of apps within a closed group of users. What actions you can perform with an app in a space is determined by permissions and your license. With a professional license you can create a shared space in the hub. You can then add new members to your shared space and assign them permissions.
  • Managed spaces: Managed spaces enable governed access to apps. Managed spaces are restricted to members. Permissions are assigned to members when they are added to a managed space. Permissions define what members can access in a space. Apps that you develop in a personal or shared space can be published to a managed space. Only space owners and target app consumers can open apps in a managed space. Other users can open apps if they have viewing permissions. Managed spaces can only be created by tenant administrators.

See also:

Managing spaces in the management console

Working in shared spaces


With scheduling, you can view and delete reload schedules for apps in your system. From the hub users can edit existing and create new reload schedules.

Property Description


Name of the app the reload task is assigned to.

Last execution

Displays when the task was last executed.

Next execution

Displays when the task is scheduled to be executed next.
State Displays if the reload task is enabled, disabled, completed, or failed.
Status Shows whether the schedule is enabled or disabled.

See also:

Managing reload schedules


In the events section, you can follow up on events in your system and get information about the event type and the user who initiated the event.

Property Description
Date Date and time in UTC format.
Source Source of the event information. See examples.
Event type Type of event. See examples.
User User initiating the event. If the user name cannot be displayed, the user ID is displayed instead.
  Click the arrow to the far right to display additional information from the source or event.

In the table, sort by using the arrows in the properties header and filter by using the funnel. There are buttons for refreshing and resetting after filtering.

Examples of sources:

  • com.qlik/licenses
  • com.qlik/engine
  • com.qlik/edge-auth

Examples of events:

  • app.created
  • user-session.begin
  • assignment.added
  • assignment.revoked


In the Themes page of the management console, the following properties are shown.

Property Description


This is the metadata name contained in the QEXT file, which is different from the QEXT filename.


Short description of the theme.


Tags for filtering.


Creator of the theme.


Identifier that must be unique. Filename of the theme definition file. Different from the name of the theme.


Metadata version contained in the QEXT file.


Date of publishing.

In the table, sort by using the arrows in the properties header. Filter by using the Tags drop-down menu, or by selecting the tags in the table.

See also:

Managing themes


Note: Extensions only are available in Qlik Sense Enterprise on Kubernetes and not in Qlik Sense Enterprise on Cloud Services.

In the Extensions page of the management console, the following properties are shown.

Property Description


This is the metadata name contained in the QEXT file, which is different from the QEXT filename.


Short description of the extension.


Tags for filtering.


Creator of the extension.


Identifier that must be unique. Filename of the extension definition file. Different from the name of the extension.


Metadata version contained in the QEXT file.


Date of publishing.

In the table, sort by using the arrows in the properties header. Filter by using the Tags drop-down menu, or by selecting the tags in the table.

See also:

Managing extensions

API keys

An API key is a unique identifier used for authentication of a user, developer, or calling program to an API. API keys are often used for tracking and controlling how the interface is used, to prevent abuse of the API.

By default, the API keys are disabled in the management console. To enable the API keys, go to the Settings section. A tenant admin can revoke API keys and edit the API keys settings, but to generate or delete API keys, you must have the role developer. A tenant admin assigns the role developer to a user. If you are a tenant admin, you can assign the role developer to yourself.

The API keys table shows the following information about the API keys: name, ID, owner, last update, creation date, expiry date, and status. Use the search field to search in the first three fields: Key name, Key ID, and Owner.

API key statuses

API keys can have the following statuses:

  • Active: the API key is in use.
  • Expired: the expiry date has been reached.
  • Revoked: the API key has been revoked and can no longer be used.

As an admin, you can review the API key activities registered in the Events section in the management console. If suspicious activities are detected, such as, extensive use of a certain API key, you can revoke that API key. Open the detailed list by clicking the arrow to the far right in the table and copy the ID of the API key. You can then search for the ID in the API keys section to find the API key to revoke.

To revoke a single API key, click the button ... to the far right and select Revoke. You can only revoke keys with the status Active. To revoke multiple keys, select the check boxes to the left of the keys to revoke and click Revoke in the top right corner. Revocation is irreversible, a revoked API key cannot be re-activated.

In addition to revocation there is the delete option. You can delete an API key from the hub, but not in the management console.

See also: Generating API keys


You can create web integrations to add origins that are whitelisted to access the tenant. The web integration containing the whitelist is connected to an ID used in for example a mashup that is connecting to your tenant. When a request arrives, Qlik Sense Enterprise confirms that the request derives from a whitelisted domain and then approves the request, else not.

Click ... to the far right to reach options for copying the ID, editing, or deleting the web integration.

Property Description

Name of the web integration.


Unique ID assigned to the web integration when it is created.

Number of origins

Number of domains contained in the white-list.

Last updated

Displays when the web integration was last updated.

Date created

Displays when the web integration was created.

See also:

Managing web integrations


On-demand data

On-demand apps are generated in the hub from navigation links that connect selection apps to template apps. The On-Demand App Service must be enabled to generate on-demand apps.

Property Description
On-demand app generation

When the service is switched from enabled to disabled, any pending requests to generate on-demand apps are allowed to finish. But once the service has been disabled, no new requests to generate apps are accepted.

This service is disabled by default.

See also:

Managing on-demand app generation


Groups are used for access control of users, and can optionally be automatically created from idp-groups.

Property Description
Enable auto-creation of groups

When enabled, groups are inherited from the identity provider so that access can be granted to the same groups of users that exist in the IdP. This simplifies access administration compared to granting access to one user at a time.

It is required that you use single sign-on and have administrative access to your IdP to configure groups.

Note that new IdP groups will show up in Qlik Sense Enterprise as users log in (or log in again) to the Qlik Sense Enterprise tenant. IdP groups are not imported all at the same time. Instead, IdP groups are discovered at login time. Further, only groups associated with users in Qlik Sense Enterprise will be available as described earlier.

Dynamic license assignment

With dynamic license assignment, you can automate assignment of access to users. For details, see: Assigning access to users.

Property Description
Enable dynamic assignment of professional access

When enabled, users who log in are automatically assigned professional access, if available.

Enable dynamic assignment of analyzer access

When enabled, and no professional access is available, users who log in are automatically assigned analyzer access, if available.

API keys

Property Description
Enable API keys

This switch enables or disables all the API keys in the tenant. Only the tenant admin can enable the API keys.

Change maximum token expiration

By changing the token expiration value, all new tokens will have the new expiration value. Already existing APIs will not be affected by the change, they will have the same expiration value as before.

Change maximum of API keys per user This setting only affects new API keys. If a new API key makes the total number exceed the maximum number, creation is denied.