topic Re: Qlik Sense Embed Authentication issue! in Management & Governance

Qlik Sense Embed Authentication issue!

VinayakAthalekar — Wed, 29 Jan 2025 16:31:11 GMT

When user Log-in to Web (Single Page application with Microsoft Identity Provider-MSAL.JS) application which has the Qlik Sense report embedded, Initially user authenticated with MFA(username\password and then Authenticator App). When successfully logged-in user clicks on the Insightful Tab(Qlik Sense Embed with iFrame) it asks for Microsoft Authentication App approval again.

As per understanding when user login initially user is authenticated with MFA(username\password and then Authenticator App) why user has to approve Microsoft Authentication App request to see the embedded Qlik report? Do we need to do any configuration to avoid this?

This happening only with Azure AD Guest user type account only.

Re: Qlik Sense Embed Authentication issue!

Andrew_Delaney — Thu, 15 Sep 2022 07:15:39 GMT

I just want to clarify what the question is here.

Your users are being made to log in twice when they attempt to use an embedded Qlik Sense app?

How is the authentication configured on your qlik sense server?

Re: Qlik Sense Embed Authentication issue!

VinayakAthalekar — Thu, 15 Sep 2022 08:53:17 GMT

We have Qlik Sense Enterprise SaaS and followed https://community.qlik.com/t5/Knowledge/How-To-Configure-Qlik-Sense-Enterprise-SaaS-to-use-Azure-AD-as/ta-p/1704442 to implement Azure AD identity provider connectivity.

Single Page Application(React and NextJs based) web app is implemented user authentication using Microsoft Identity Provider(MSAL.JS which call Microsoft Graph using the authorization code flow with Proof Key for Code Exchange (PKCE)). This application embeds the Qlik Sense Report using App API approach. We followed https://community.qlik.com/t5/Knowledge/Qlik-Sense-Enterprise-SaaS-How-to-embed-a-chart-in-an-iFrame/ta-p/1711503/page/2/show-comments/true.

When user logins to SPA he is authenticated(username/password and then Microsoft Authenticator app) and lands to overview page. As I said there are multiple tabs in application. one of tab contains the embed qlik sense report. When Authenticated User click on the Embedded Report tab again user has been asked only for Microsoft Authenticator app approval(second time first time at user login to SPA).

Our understanding was when user logins to SPA went through successfull MFA(Username\password and then Microsoft Authenticator app approval ) why again Microsoft Authenticator app approval required when user try to open the embed report? Can we avoid second time second time Microsoft Authenticator app approval?

One more thing, This observation is only with Guest Account(external user account). Member account(Internal User Account) works fine, it doesn't show second time Microsoft Authenticator app approval.