QlikView and Salesforce.com Single Sign On

    Introduction

     

    SalesForce.com provides a cloud based solution for CRM and other systems. QlikView provides a connector to be able to extract data entered into Salesforce.com for analysis and discovery.  This document reveals how you can embed QlikView into Salesforce.com both visually and to provide seamless login between the two systems.

     

    In Salesforce.com you typically log in with an account created in that system and is normally an e-mail address, although other login systems are available. After you have logged in then a number of tabs are shown that provide the functionality you typically use. A SalesForce Administrator can create a new tab, and embed a URL for a QlikView document or AccessPoint as a Frame within that tab. The identity that the user entered when logging into SalesForce can be passed to QlikView without needing to prompt the user for further credentials. In addition to providing seamless login this also enables fine grained permissions to be used in QlikView based on the security rules created in Salesforce.com e.g. Fred can only see UK customers.

     

     

     

                   a.PNG

     

    Prerequisites

    • Saleforce.com developer access - a free developer account can be used to test the below
    • Although a fully working step by step example is provided below some understanding of the technologies involved is required. These are:
      • Basic Salesforce.com admin knowledge
      • Understanding of QlikView security - specifically ticketing, review this document
      • Basic understanding of asp.net C#
      • IIS - Internet Information Server
      • QlikView server

     

    Architecture

    SalesForce.com provides an API for integrating with its sign in mechanism.  When you login a session identifier is created for the user and this can be passed over as a string of text into another application.  The second application (.net and QlikView in this case) can grab this ID and then make a call to SalesForce to check that it is valid and what the users actual name is.

     

    Once obtained this user name can be passed through into QlikView. In this example the Web Ticket method will be used, other methods could be used also. To achieve this a landing page will be written in asp.net this page will grab the session ID supplied by SalesForce, extract the user name from it then pass it through to QlikView before redirecting the user to the QlikView content.  The content itself will appear inside a frame within the SalesForce screen and the user will not see any of this activity occurring.  The below diagram explains the flow:

     

    SalesForce.png

     

    Salesforce.com Set up

    The configuration of Salesforce.com is fairly basic, simply adding a new tab to the navigation bar at the top of the screen.  If you dont want to do this in production right away then a free developer account can be created to use a sandbox area, this is described below.

     

              1.png

    • On the left Under App Setup click Create and then Tabs

              2.png

    • Click New Web Tab

              3.png

    • Select a Suitable layout

              4.png

    • Provide a lable for the tab and chose a style

              5.png

    • Next we will provide the URL of the QlikView server to embed into SFDC,  it will be a URL for a new page which is added to the QV server in the steps below and it will have a few of the API items added on to the end.
      • The finished URL should look something like the below
      • http://YourQVServerAddress/SFDCLOGIN.aspx?SessionId={!API.Session_ID}&ServerURL={!API.Partner_Server_URL_180}&document=Sales Compass.qvw
      • Replace "YourQVServerAddress" with the address of the QlikView server you are working with.
      • Replace "Sales Compass.qvw" with the document you wish to use, or alternatively you can remove it to open the QlikView Access Point

              6.PNG

    • Click next on the following two screens accepting the defaults to save the new tab

              7.png

    • The Configuration of Saleforce.com is now complete, but it wont work until QlikView has been prepared.

     

    QlikView Set up

    The remaining steps are applied to the QlikView server and split between steps in the QlikView Management console and implementation of sample code that uses web ticket, this is added to IIS.  The steps below describe one method to achieve the integration, there are other alternatives available too.  The code supplied as an example is intentionally simplistic and covers only the basics of the implementation rather than being fully productionised code.

     

    QlikView Management Console Settings

    • Open the QMC
    • Go to the System Tab and select your QlikView server on the left hand side
    • On the right hand side select the Security tab and select the "DMS" option for authorisation.  As users will not sign in with windows accounts the DMS mode option is required and permissions must be set through QlikView.

         dms.PNG

    • Next select the the web server in your deployment and go to the Authentication tab
    • Under Login Address select "Alternate Login" this is to prevent the QV webserver asking for windows credentials. If you are using IIS for the web server then this is not required and you would modify settings in IIS

         webserver.PNG

    • Finally as the server is now running in DMS mode there will be no permissions to read any of the documents so permissions need to be applied.  Go to the Documents and User Documents tab and select the document you want to use.
    • On the right hand side click on the Authorisation tab and apply permissions - you can specify particular users or say "all authenticated"

         permissions.PNG

    • The QlikView Server is now configured

     

     

    Deploying the code example

     

    There are two zip files attached to the document but only one of them is required to deploy the example.  The other file contains some source code for working with the SalesForce.com security API which you only need to use if you want to integrate the simple example into a bigger code project.

     

    • Open the SFDCLogin.zip file attached to this document
    • The files need to be deployed into IIS by default this means copying the files to c:\inetpub\wwwroot.   There are two files in the zip - SFDClogin.aspx needs to be copied to the root of the folder and SFDC-SSO.dll needs to be in a sub folder called Bin.  If the paths in IIS are changed then the URL used in the SalesForce.com configuration above needs to match.
      • The dll file contains the functions used to call the Salesforce api - the source for this DLL can be found in the SFDC-SSO-Source.zip, there is no need to user this zip or edit it unless you need to build a more complex example, it is supplied for information only.
    • Edit SFDClogin.aspx in notepad, you can review the code to see the steps its goes through
    • The example makes use of webtickets in QlikView, to request a ticket the code must make the request as a member of the QlikView Administrators group, this example hard codes a user ID and password into the file (other methods can be used), this user id and password needs to be replaced with a QlikView Administrator for your QlikView deployment. 
    • Locate the values     QVAdminUser = "qservice";  and QVAdminPassword = "Ql1ktech";   and update accordingly

     


    Try it out

    Now SalesForce.com and QlikView are configured and the code to integrate them is deployed so it is now ready to test.  Return to SalesForce.com and click the QlikView tab you created.  The QlikView tab will now load the specified QlikView document into the frame within Salesforce.

     

    Note:  The example code provided here is intentionally simplified so that is it easy to understand the concepts used to integrate SFDC and QlikView.   For production use the code should be enhanced to suit any business needs, handle errors and further secure the code such as validating the URLs being passed into and out of the page are trusted.