topic Re: Tokens (user access / login access) in Management & Governance

Tokens (user access / login access)

morenoju — Tue, 06 Mar 2018 15:20:08 GMT

Hello all,

I have 5 license tokens for my Qlik Server and I thought of having 2 of them assigned to User access and 3 for anonymous login access. For what I had read in the documentation, having 3 tokens for anonymous users meant 30 users at the same time without editing capabilities, what for my purposes looked great.

However, I'm getting complaints from the users due to a "No access pass" error message that comes up sometimes without an apparent reason/pattern ("You cannot access Qlik Sense because you have no access pass").

So far I've shared the link to my app with just 7 or 8 people. How can we be running out of our 30 user passes?

Any idea on how to avoid this issue?

Thanks much,

Juan

Re: Tokens (user access / login access)

YoussefBelloum — Tue, 06 Mar 2018 16:28:35 GMT

Hi,

I don't know if already followed the steps decribed in the second bloc of this link:

https://help.qlik.com/en-US/sense/1.1/Subsystems/ManagementConsole/Content/ServerUserGuide/SUG_ConfiguringSecurity_Envir…

Also, if it is already done, as soon as 3 anonymous user already connected to the hub, they will have a token assigned to each one of them and you will run out of tokens..

Re: Tokens (user access / login access)

Levi_Turner — Wed, 07 Mar 2018 01:59:24 GMT

meant 30 users at the same time without editing capabilities, what for my purposes looked great.

...

So far I've shared the link to my app with just 7 or 8 people. How can we be running out of our 30 user passes?

Can you share a screenshot of the License Summary page?

At the outset, this isn't how Login Access Passes Work. From https://help.qlik.com/en-US/sense/September2017/Subsystems/ManagementConsole/Content/create-login-access.htm:

A login access pass allows an identified or anonymous user to access the hub for a maximum of 60 continuous minutes per 28-day period. If the user exceeds the 60-minute time limitation, the user connection does not time out. Instead, another login access pass is used. If no more login access passes are available, the session is discontinued.

This means that the use case for Login Access Passes is either anonymous or infrequent usage.

What was configured was 30 access passes in a 28 day period. If they are getting license denials then that suggests that the pool of token(s) assigned for that Login Access rule is running out due to usage.

Re: Tokens (user access / login access)

fabdulazeez — Wed, 07 Mar 2018 03:27:45 GMT

3 token corresponds to 30 login access passes. Each login access pass is for maximum 60 min. When a user exceeds 60 min a new login access pass is consumed.

Better check login access history in license monitor.

Re: Tokens (user access / login access)

morenoju — Wed, 07 Mar 2018 13:07:39 GMT

Thank you very much, guys. I see it was all a misunderstanding from me of the "anonymous login" concept. I now see that if someone is going to do an extensive use of the app, they should get a user access with credentials. Even if they're going to have only "viewer" roles.

I appreciate the clarifications from all of you. Very helpful.

Re: Tokens (user access / login access)

YoussefBelloum — Wed, 07 Mar 2018 13:14:26 GMT

Hi ltu‌

Thank you for your time and for the clarifications.

I Was completely out on this one or it is true when yuo don't configure login access rule ?

Because I know it is possible the give anonymous tokens acces, when we have 10 tokens and 10 users for example , each time a user connects, he take automatically a token.(a dedicated token).

Re: Tokens (user access / login access)

Levi_Turner — Wed, 07 Mar 2018 16:06:13 GMT

I am not 100% following. User Access Passes can be assigned by rules or manually. Login Access Passes are assigned purely by rules.

A named user can be assigned a User Access Pass (manually or by rule) or fulfill a rule condition to be granted a Login Access Pass.

Re: Tokens (user access / login access)

YoussefBelloum — Wed, 07 Mar 2018 16:36:35 GMT

I will try to not complicate things and not hold you back too much.

here is the scenario.

100 tokens, 100 users (AD, local, doesn't matter).

Instead of giving manually each user a licence throught the licence section, I want every user when accessing first time the hub, gets automatically a token (without requesting an administrator).

how this scenario is different in terms of configuration (rules type maybe) compared to the one described in this thread.

Thank you

Re: Tokens (user access / login access)

fabdulazeez — Thu, 08 Mar 2018 04:11:37 GMT

100 Tokens and 100 Users you can always use user access. This can be done manually or via rule.

Login access is helpful when you have users using Qlik very rarely. 1 Token allows you to login 10 users or 10 times for 60 min session.

Re: Tokens (user access / login access)

YoussefBelloum — Thu, 08 Mar 2018 17:15:35 GMT

Thank you.. I'll try to configure this