https://community.qlik.com/t5/Official-Support-Articles/Multi-cloud-deployment-difference-between-using-an-Identity/ta-p/1803844 <DIV class="lia-message-template-question-zone"> <H4>Question:</H4> <P>The <A href="https://help.qlik.com/en-US/sense-admin/latest/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/Multi-Cloud/Cloud-deployment.htm" target="_blank" rel="noopener">help site for Qlik Sense Enterprise for Windows mentions</A>, among the&nbsp;<SPAN>characteristics of a multi-cloud deployment, "an identity provider that supports OIDC and SAML to integrate user authentication between on-premises and cloud, <STRONG>or</STRONG> a local bearer token".<BR />What is the difference between the two options?</SPAN></P> <P><STRONG>Environment:</STRONG></P> <UL> <LI><LI-PRODUCT title="Qlik Sense Enterprise SaaS" id="qlikSenseEnterpriseSaaS"></LI-PRODUCT>&nbsp; with <LI-PRODUCT title="Qlik Sense Enterprise on Windows" id="qlikSenseEnterpriseWindows"></LI-PRODUCT>&nbsp; multi-cloud setup</LI> </UL> <P>&nbsp;</P> <P>&nbsp;</P> </DIV> <DIV class="lia-message-template-answer-zone"> <H4>Answer:</H4> <P>While it's not necessary to have an identity provider (check the <A href="https://community.qlik.com/t5/Knowledge-Base/Qlik-Multi-Cloud-Frequently-Asked-Questions-FAQ/ta-p/1713427" target="_blank" rel="noopener">Multi-Cloud FAQ</A> for more details), that is the recommended option for having a fully integrated set-up, where users are shared between the on-premise and SaaS environments. <BR />Here are the main differences:<BR /><BR /></P> <UL> <LI>Identity Provider (IdP) <UL class="lia-list-style-type-circle"> <LI>no duplicated users, which means that one person will only consume one license allocation</LI> <LI>a central repository for all users, integrated between environments</LI> <LI>it requires getting the service from a third party (generally at a cost) and implementing a solution<BR /><BR /></LI> </UL> </LI> <LI>Local Bearer Token <UL class="lia-list-style-type-circle"> <LI>can be used immediately, without having an Identity Provider</LI> <LI>easy setup</LI> <LI>separate set of user repositories. Typically: Active Directory for on-premise access and QlikID for SaaS access<STRONG>*</STRONG></LI> <LI>the same person will use two license allocations when accessing SaaS and on-premise applications</LI> </UL> </LI> </UL> <P class="lia-indent-padding-left-60px"><EM><STRONG>*</STRONG> For some companies this might actually be a preferred choice (e.g.: granting SaaS access to external users authenticating with QlikID, and keeping the on premise version for internal ones on AD)</EM></P> </DIV> Tue, 10 May 2022 18:59:01 GMT Daniele_Purrone 2022-05-10T18:59:01Z https://community.qlik.com/t5/Official-Support-Articles/Multi-cloud-deployment-difference-between-using-an-Identity/ta-p/1803844 <DIV class="lia-message-template-question-zone"> <H4>Question:</H4> <P>The <A href="https://help.qlik.com/en-US/sense-admin/latest/Subsystems/DeployAdministerQSE/Content/Sense_DeployAdminister/Multi-Cloud/Cloud-deployment.htm" target="_blank" rel="noopener">help site for Qlik Sense Enterprise for Windows mentions</A>, among the&nbsp;<SPAN>characteristics of a multi-cloud deployment, "an identity provider that supports OIDC and SAML to integrate user authentication between on-premises and cloud, <STRONG>or</STRONG> a local bearer token".<BR />What is the difference between the two options?</SPAN></P> <P><STRONG>Environment:</STRONG></P> <UL> <LI><LI-PRODUCT title="Qlik Sense Enterprise SaaS" id="qlikSenseEnterpriseSaaS"></LI-PRODUCT>&nbsp; with <LI-PRODUCT title="Qlik Sense Enterprise on Windows" id="qlikSenseEnterpriseWindows"></LI-PRODUCT>&nbsp; multi-cloud setup</LI> </UL> <P>&nbsp;</P> <P>&nbsp;</P> </DIV> <DIV class="lia-message-template-answer-zone"> <H4>Answer:</H4> <P>While it's not necessary to have an identity provider (check the <A href="https://community.qlik.com/t5/Knowledge-Base/Qlik-Multi-Cloud-Frequently-Asked-Questions-FAQ/ta-p/1713427" target="_blank" rel="noopener">Multi-Cloud FAQ</A> for more details), that is the recommended option for having a fully integrated set-up, where users are shared between the on-premise and SaaS environments. <BR />Here are the main differences:<BR /><BR /></P> <UL> <LI>Identity Provider (IdP) <UL class="lia-list-style-type-circle"> <LI>no duplicated users, which means that one person will only consume one license allocation</LI> <LI>a central repository for all users, integrated between environments</LI> <LI>it requires getting the service from a third party (generally at a cost) and implementing a solution<BR /><BR /></LI> </UL> </LI> <LI>Local Bearer Token <UL class="lia-list-style-type-circle"> <LI>can be used immediately, without having an Identity Provider</LI> <LI>easy setup</LI> <LI>separate set of user repositories. Typically: Active Directory for on-premise access and QlikID for SaaS access<STRONG>*</STRONG></LI> <LI>the same person will use two license allocations when accessing SaaS and on-premise applications</LI> </UL> </LI> </UL> <P class="lia-indent-padding-left-60px"><EM><STRONG>*</STRONG> For some companies this might actually be a preferred choice (e.g.: granting SaaS access to external users authenticating with QlikID, and keeping the on premise version for internal ones on AD)</EM></P> </DIV> Tue, 10 May 2022 18:59:01 GMT https://community.qlik.com/t5/Official-Support-Articles/Multi-cloud-deployment-difference-between-using-an-Identity/ta-p/1803844 Daniele_Purrone 2022-05-10T18:59:01Z