Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
So let me get this straight. In order to distribute a Qlik Sense report in NP17, I have to load users into Nprinting AND enter/create a password for all users even though I never want them in Nprinting UI or Newstand??
Please tell me I'm missing something.
hi
you don't miss anything,
but you can set the same password for all users
They were thinking that.... password is required
end of story - cheers!
Passwords for users accessing a system of any kind where it matters that you ensure who they are is usually a good idea.
The fact their are multiple delivery options for users means having to give a user a password during setup a common approach.
The issue I have is how secure and fit for purpose this is against current security standards.
1. The passwords are stored in an insecure flat file.
2, it is set and managed by the owner of the import user document which to my mind is wrong. passwords are set and maintained by the user.
3. No enforment o password strength
4. No ability to set password expiration
5. No ability for user to change their password as the import user task would surely overwrite any change.
All I can see is a long list of default passwords that never get updated with this approach unless I'm missing something.
Isn’t it an option to use the AD user possibility. There you have all you security standards
Hi, stvegerton.
You can use any pass when create or load from file new users. They will be using win logon auth anyway to get access to NP.
In my case I have 2 communities
1. Internal users (Can and do use AD which as you say is fine)
2. External users (Customers are not going to be given AD logins)
NPrinting in my opinion has to handle both cases well. At the moment there is a alot of work to do around the second case to grant securely and seamlessly external users access to NewsStand, report in the HUB etc...
"use AD"?
There is no AD user directory connector/load with NP 17.
So you have to provide whatever is imported for you and shared manually as your user name and password.
And if someone manually loaded your ad password to work around this gap, that's not a secure solution.
RIght?
You are wrong Steve on AD subject. You do not need directory connector to use AD as you are providing recipients in your recipient import task (or you type them manualy in NP). Think about it again.
If you provide recipient list (and recipient has also Domain\UserName field you can provide) then if you choose option to only use Windows authentication (this choice exist in settings) NPrinting only needs to check whether user name and domain trying to connect to NewsStand or NPrinting admin console matches those you have in recipient list. this really works like SSO. Such user may still have to put through its domain password which in this case can be completly different than the one you upload in recipient import file.
In other words when you use AD, then password uploaded with recipient import task is irrelevant.
hope this helps
cheers
Lech
You do not need to know the users ad password just there username when setting them up. qlik with do the rest as far as windows authentication goes.
Empty so have to enter a password when loading users but that can be a default one. like I say a bit more thought needs to be put into that area of authentication I hear in the new release there is something about loading users via api which sounds like a step forward.