topic Re: Authentication for external users in Management & Governance

Authentication for external users

RaymondD — Thu, 19 Dec 2019 06:21:54 GMT

Hi there. We have Qlik Sense deployed and are successfully authenticating our internal users to it using AD. We have a requirement to grant access to external users. I understand that Qlik Sense is not itself an authentication provider, and must offload authentication to an external authentication service for identity management/verification.

I do not want to create users in our AD for external users if possible. Creating local users on the server seems a bit cumbersome. What are our options please? I have seen some references to using AD LDS but I can't seem to find anything conclusive that this is supported.

thanks!

Raymond

Re: Authentication for external users

mahaveerbiraj — Thu, 19 Dec 2019 07:27:46 GMT

HI Raymond

I hope below URL will help you

https://help.qlik.com/en-US/sense/June2019/Subsystems/ManagementConsole/Content/Sense_QMC/anonymous-authentication.htm

Re: Authentication for external users

RaymondD — Thu, 19 Dec 2019 07:35:22 GMT

Hi there, thanks for the suggestion, but we don't want the external users to connect anonymously - we will need different authorization levels for different external parties so I don't think we can have them all as anonymous as we won't be able to then differentiate between them.

Re: Authentication for external users

Anders_Eriksson — Thu, 19 Dec 2019 07:56:14 GMT

Anonymous sounds like the wrong path regardless.
Local users on the server is not that complicated.
Or Sense can connect to any LDAP service or even a file with users and passwords.
Check out the QMC documentation.

Re: Authentication for external users

RaymondD — Thu, 19 Dec 2019 08:23:57 GMT

Yeah anonymous won't work for us. I'm reluctant to use local users because it would be good for our BI team to have control over adding/removing users, and using local accounts would require admin rights on the server.

We started out with the Access Text Driver + CSV file route, but found that Sense doesn't actually support authentication using this method - it is only for import of user details. A separate authentication provider is still required.

I have looked at the QMC documentation but haven't found anything specific to AD LDS or where to configure this. I believe it is the proxy that needs to perform the authentication? If we want to use Windows auth for our internal users, and LDAP auth (using AD LDS) for external users, do we need two proxies and thus a different URL for the external users?

If you can point me to the right docs that would be appreciated ... my Googling hasn't led me to what I need 😉