Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ahmedadmin
Contributor III
Contributor III
‎2017-06-07 11:24 AM

How to provision public access to a specific AD group in Qlik Sense

Is there a way to grant public access to specific AD group using the Security Rules.

Please let me know if there are any other alternatives as well. As per the requirement, I need to provision Qlik Sense site to a specific group of folks outside the domain only if they are placed in an AD group.

Also as an alternative is there a way to provide this flexibility by managing the Stream or site.

1,070 Views
0 Likes
1 Solution

Accepted Solutions
Vincenzo_Esposito
Employee
Employee
‎2017-06-09 05:37 AM

I'm not sure if I've understand your problem. But if you need to allow some of your AD users to access from outside (e.g. Public network) so you want to use a different access for them through a new virtual proxy.

This new proxy need to use a custom authentication solution (http://help.qlik.com/en-US/sense/3.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-S...)

If you want to allow just some AD group to use an external access you can do that in diffeent way using the Security Rule (eg.  in the Virtual Proxy configuration you can Extend Security environment and track the source IP on what of which build the Security Rule or using the coming Virtual Proxy for that).

If the access come from teh Public Network you can also consider to put a new proxy in DMZ.

View solution in original post

807 Views
3 Replies
Vincenzo_Esposito
Employee
Employee
‎2017-06-09 05:37 AM

I'm not sure if I've understand your problem. But if you need to allow some of your AD users to access from outside (e.g. Public network) so you want to use a different access for them through a new virtual proxy.

This new proxy need to use a custom authentication solution (http://help.qlik.com/en-US/sense/3.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-S...)

If you want to allow just some AD group to use an external access you can do that in diffeent way using the Security Rule (eg.  in the Virtual Proxy configuration you can Extend Security environment and track the source IP on what of which build the Security Rule or using the coming Virtual Proxy for that).

If the access come from teh Public Network you can also consider to put a new proxy in DMZ.

808 Views
ahmedadmin
Contributor III
Contributor III
‎2017-06-09 11:06 AM
Author

In response to Vincenzo_Esposito

Hi Vincenzo,

Thanks for the response, The second option that you suggested seems more viable.

The requirement is to grant the access to the external users (outside the domain) access to certain streams and the access should be governed only for specific AD group users.

You made a great suggestion to use the source IP and tieing it to the Virtual Proxy.

Now my concern is to grant certain stream OR new stream access only for those users who access through the new Virtual Proxy. Not sure if using Custom Properties I can achieve this process.

807 Views
0 Likes
Vincenzo_Esposito
Employee
Employee
‎2017-06-12 05:06 AM

Here (Available resource conditions ‒ Qlik Sense) you can find some attribute on which you can build your security rules. You can achieve it in different ways, for example you can use the the source ip Address (Security rules example: Access to stream by IP address ‒ Qlik Sense)  supposing those coming from outside have a different sub-net or TAG the proxys and build some rule on that.

807 Views
0 Likes