Hi Rohit,

I believe there is a bit of confusion here. Hope to clarify with a series of bullet points:

  1) You can't control with Security Rules which Proxy o Virtual Proxy a user should or shouldn't uses. Because the Security Rules (Authorization phase) run just after the user login (Authentication phase). On the contrary, with the use of the security rules you can restrict some grants based on which proxy the user come from.

2) On QAP users do not consume Login Passes, because QAP licensed is Core base, not tocken based.

3) If you have 2 licenses (Tocken based and Core based license) I expect you have 2 different installations with different users and objects. In that case they do not interact to each other save via export/import or with the use of API.

4) QAP is intended to be use only with external users (giving to them a service) and not for internal users.

5) QAP users can't access to the HUB, but you need to provide them a Mashup.

clarified the above points, if you need external users access to your QAP what you need is:

a) You probably want to sit the Proxy in your DMZ

b) You need to implement a custom Authentication phase (http://help.qlik.com/en-US/sense/3.2/Subsystems/PlanningQlikSenseDeployments/Content/Server/Server-S...)

c) You can publish your app in Everyone Stream

d) Your users need to access and use a your web application having elements coming from QAP, they can't access to the Qlik Sense HUB

Hope this can help you

I welcome your inputs , they all are very useful.

I am adding my understanding with your points one by one:

1. I can't write any rule or configure any setting which says these user comes from virtual Proxy A or B. As we create a virtual proxy to make a new URL and we can set like only anonymous user will come with new URL with adding any new prefix. I tried to make a URL , I didn't work , May be I donot know how to make work. '

2. I agree QAP user donot consume login passes. But my client says this XXXXXX license is QAP with 15 token . I created security rules for USER ACCESS and LOGIN ACCESS but I was looking where to write any rule or enable what which makes if I take an object embed to any web page user can it Yes I know , Single Sign On configuration need to do on Web Portal server for TICKET Authentication.

3. My client as two license but he says one is testing and one is for production. I installed Qlik 3.2 on testing server , I can see 15 Token is there , I donot know how to check which license is that, Please help me to identify.

4.You are saying give them service to external user ,My Question is how to give service ?

5.Is it if I upload any application on QAP server , so all the objects are visible to external users ? or I can configre only these user from web portal can see this object ?

6. what does that mean ? You probably want to sit the Proxy in your DMZ

Most Important question , what if My client don't have web portal , How can I make Qlik Sense Objects visible ?

I am very close to my solution , Please add your best inputs with some helping document if you think I can refer them and configure my system

Thanks Vincenzo

Thanks Vincenzo. It is really helpful. I will check it and get back to you what is written in LEF file. Secondly, basic knowledge of single configuratior I have, dev hup , select one application , then any particular app, there are two URL, take the URL and put it on web page and configure single sign on. I hope , I am on right path.

My only question to you is, If my client don't have any web portal then what about QAP, It is  not possible right. Secondly if client need to make a new portal ,what kind of web portal it need , any specific requirement or normal website with web server is enough ?