- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Multi-factor authentication
Does anyone have pointers on setting up MFA, two-step authentication for Qlik Sense?
Links appreciated
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
Have you find any way to implement MFA - Multi Factor Authentication wit Qlik Sense?
Thanks!
Aldo.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Amirali/Aldo,
To implement Azure MFA with QSense, you can follow the Tutorial: Azure Active Directory integration with Qlik Sense Enterprise | Microsoft Docs.
In my case, it worked correctly in the company where I job, when Azure was previously configured.
Best regards,
L G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've set up Okta. I can provide some details if you are interested.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lauri,
I am interested in details configuration of multi-factor auth Okta and Qlik Sens.
Would you please share it?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Narges,
If you haven't yet seen it, this video is very helpful:
https://www.youtube.com/watch?v=PoseXCN0-o0&t=202s
Here are the steps I took to set up Okta to allow users to authenticate to Sense Enterprise (initially version 3.1, now June 2017).
- Our users are mostly external to our organization, but we create their accounts in our local Windows Active Directory. We assign them to a security group called 'qlik.'
- On Sense: Create a virtual proxy that will listen for Okta SAML assertions. Follow the steps in the video.
- Also make sure you have another virtual proxy that uses WIndows authentication -- your monitoring apps will need it to run properly. And it's good to have so you can log into Qlik locally if/when you have problems with Okta.
- In Okta: Set up a connection to your user directory under "Directory Integrations" (I installed the Okta agent on our AD server to sync automatically.)
- In Okta: Set up the SAML to Qlik under "Applications." This part is tricky and needs to be just right. Follow steps in the video. In my case, the values in the General section are like these:
- Single Sign On URL, Recipient URL, Destination URL are all: https://yoururl.com:443/okta/samlauthn/
Default Relay State: https://yoururl.com/okta/hub/
Signature Algorithm: RSA_SHA256
- Digest Algorithm: SHA256
And here's a screenshot of the rest:
Under the Sign On section, I set up a Policy with a rule requiring multifactor at every sign on. This was because Sense didn't support Single Sign Out (until a very recent version, I forget which, but after Sept 2017), so if a user logs out but keeps the browser open, he can just click the browser "back" button and be logged in again.
Side Note: Our Sense server is not a member of our AD domain.
There is plenty more to describe but hopefully the video gets you there. The Okta app works very well as the 2nd factor. I'm happy to answer any questions you have.
-Lauri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lauri,
Many thanks for your well explanation. I followed the video and it went very well.
I will give it try with two-factor authentication and let you know how it goes.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you try with two-factor authentication? Please let us know if you can provide any tips.