Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
RaymondD
Contributor
Contributor
‎2019-12-19 01:21 AM

Authentication for external users

Hi there.  We have Qlik Sense deployed and are successfully authenticating our internal users to it using AD.  We have a requirement to grant access to external users.  I understand that Qlik Sense is not itself an authentication provider, and must offload authentication to an external authentication service for identity management/verification.  

I do not want to create users in our AD for external users if possible.  Creating local users on the server seems a bit cumbersome.  What are our options please?  I have seen some references to using AD LDS but I can't seem to find anything conclusive that this is supported.  

thanks!

Raymond

1 user say ditto
1,608 Views
0 Likes
4 Replies
mahaveerbiraj
Creator II
Creator II
‎2019-12-19 02:27 AM

HI Raymond

I hope below URL will help you

https://help.qlik.com/en-US/sense/June2019/Subsystems/ManagementConsole/Content/Sense_QMC/anonymous-...

1,581 Views
0 Likes
RaymondD
Contributor
Contributor
‎2019-12-19 02:35 AM
Author

In response to mahaveerbiraj

Hi there, thanks for the suggestion, but we don't want the external users to connect anonymously - we will need different authorization levels for different external parties so I don't think we can have them all as anonymous as we won't be able to then differentiate between them.

1,578 Views
0 Likes
anderseriksson
Partner - Specialist
Partner - Specialist
‎2019-12-19 02:56 AM

Anonymous sounds like the wrong path regardless.
Local users on the server is not that complicated.
Or Sense can connect to any LDAP service or even a file with users and passwords.
Check out the QMC documentation.

1,571 Views
0 Likes
RaymondD
Contributor
Contributor
‎2019-12-19 03:23 AM
Author

In response to anderseriksson

Yeah anonymous won't work for us.  I'm reluctant to use local users because it would be good for our BI team to have control over adding/removing users, and using local accounts would require admin rights on the server.  

We started out with the Access Text Driver + CSV file route, but found that Sense doesn't actually support authentication using this method - it is only for import of user details.  A separate authentication provider is still required.

I have looked at the QMC documentation but haven't found anything specific to AD LDS or where to configure this.  I believe it is the proxy that needs to perform the authentication?  If we want to use Windows auth for our internal users, and LDAP auth (using AD LDS) for external users, do we need two proxies and thus a different URL for the external users?

If you can point me to the right docs that would be appreciated ... my Googling hasn't led me to what I need  😉

1,566 Views
0 Likes