Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
cbuursink
Partner - Contributor
Partner - Contributor

Assign roles based on AD group membership & Form based UPN login

I have 2 questions regarding QlikSense:

One of our customers would like to assign roles to users based on their AD group membership.

For example, assign the role "Root Admin" to every user that is a member of group "admin".

I looked through every tab in the QMC but I cannot find an option for this.

Is it possible to configure this?

For the second question,

Is it possible to use UPN login (user@example.com) when using Form based login?

The customer is using UPN based login in all their other systems so they would like to use this for QlikSense as well.

I know non form based authentication in combination with Kerberos authentication does work but the customer want's to use Forms.

1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee

Hey Christiaan,

One of our customers would like to assign roles to users based on their AD group membership.

For example, assign the role "Root Admin" to every user that is a member of group "admin".

I looked through every tab in the QMC but I cannot find an option for this.

Is it possible to configure this?

For this you will need a net new security rule. You will not be providing them the role of RootAdmin since that requires explicit calls to assign the role but you can provide 99.9% effect RootAdmin access.

For reference, see the Q-QMC-Administrators rule on https://github.com/levi-turner/Qonnections2018-Rules#backend-rules

Is it possible to use UPN login (user@example.com) when using Form based login?

The customer is using UPN based login in all their other systems so they would like to use this for QlikSense as well.

I know non form based authentication in combination with Kerberos authentication does work but the customer want's to use Forms.

I am unawares of a method to do this Forms authentication. Though if you are operating in a Windows environment, you can use ADFS which will provide a SAML auth box (forms style) and will accept UPN style usernames. In an ideal world, you'd configure the ADFS side to pass the Common Name as UserID so that users use the same User ID no matter whether they are using Windows or ADFS authentication (see attached doc)

Hope that helps.

View solution in original post

1 Reply
Levi_Turner
Employee
Employee

Hey Christiaan,

One of our customers would like to assign roles to users based on their AD group membership.

For example, assign the role "Root Admin" to every user that is a member of group "admin".

I looked through every tab in the QMC but I cannot find an option for this.

Is it possible to configure this?

For this you will need a net new security rule. You will not be providing them the role of RootAdmin since that requires explicit calls to assign the role but you can provide 99.9% effect RootAdmin access.

For reference, see the Q-QMC-Administrators rule on https://github.com/levi-turner/Qonnections2018-Rules#backend-rules

Is it possible to use UPN login (user@example.com) when using Form based login?

The customer is using UPN based login in all their other systems so they would like to use this for QlikSense as well.

I know non form based authentication in combination with Kerberos authentication does work but the customer want's to use Forms.

I am unawares of a method to do this Forms authentication. Though if you are operating in a Windows environment, you can use ADFS which will provide a SAML auth box (forms style) and will accept UPN style usernames. In an ideal world, you'd configure the ADFS side to pass the Common Name as UserID so that users use the same User ID no matter whether they are using Windows or ADFS authentication (see attached doc)

Hope that helps.