https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796397#M17624 <P>As&nbsp;@Anonymous&nbsp;mentioned, when doing authentication, Qlik Sense Enterprise neither stores nor really knows the credentials of the end user. Qlik Sense Enterprise leverages existing authentication systems (Active Directory, a SAML IdP, etc). Those systems evaluate the credentials (or usually a hash of the credentials, see&nbsp;<A href="https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step" target="_blank">https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step</A>) then send a token to Qlik Sense Enterprise signaling that a given user (domain\userId) has successfully authenticated.</P> Thu, 01 Apr 2021 13:30:13 GMT Levi_Turner 2021-04-01T13:30:13Z https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796259#M17619 <P>Hi,</P><P>My understanding is user credentials are stored in PGSQL which is used for validating login with external IdP</P><P>But if credentials are stored as-is in PGSQL wont they get exposed?</P><P>&nbsp;</P> Sat, 16 Nov 2024 00:19:58 GMT https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796259#M17619 AshwathRaj_26 2024-11-16T00:19:58Z https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796290#M17621 <P>Hey&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/119802">@AshwathRaj_26</a>&nbsp;,</P><P>as per my knowledge no, user credentials (username <EM>and password</EM>) are not stored into postgreSQL.<BR />The only credentials that are stored there are the ones of technical users used inside postgreSQL itself (see users&nbsp;<EM>postgresql</EM> and <EM>qliksenserepository</EM>).<BR /><BR />For 'regular' end users, only a reference of their user directory ("domain", if you're working with active directory) and user id ("username", if you're working with active directory) are kept.<BR />Once the IdP has verified your identity, will let you proceed to Qlik Sense. Only at this point the IdP will tell Qlik who you are (user directory + user id).<BR /><BR />Let me know if this makes any sense for you<BR /><BR />Riccardo</P> Thu, 01 Apr 2021 07:40:26 GMT https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796290#M17621 Anonymous 2021-04-01T07:40:26Z https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796397#M17624 <P>As&nbsp;@Anonymous&nbsp;mentioned, when doing authentication, Qlik Sense Enterprise neither stores nor really knows the credentials of the end user. Qlik Sense Enterprise leverages existing authentication systems (Active Directory, a SAML IdP, etc). Those systems evaluate the credentials (or usually a hash of the credentials, see&nbsp;<A href="https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step" target="_blank">https://security.stackexchange.com/questions/129832/understanding-ntlm-authentication-step-by-step</A>) then send a token to Qlik Sense Enterprise signaling that a given user (domain\userId) has successfully authenticated.</P> Thu, 01 Apr 2021 13:30:13 GMT https://community.qlik.com/t5/Management-Governance/Wont-User-credentials-stored-in-PGSQL-get-exposed/m-p/1796397#M17624 Levi_Turner 2021-04-01T13:30:13Z