Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
gcharlesworth
Contributor II
Contributor II
‎2018-06-26 03:49 PM

External Facing Qlik Sense App in Salesforce

Hello fellow Devs and Qlik experts -

I was recently assigned to be the project lead for the development of an external facing scorecard that is to be created in Qlik Sense then embedded and accessed within Saleforce by external users (customers). The data is presumed to then be locked and filtered using Section Access based on the users Salesforce login. I am a BI dev so the ETL, data modeling, and front-end design is not a concern for this project.

My main areas of concern are that our Qlik Sense production server in Azure is not currently deployed into the DMZ; we have not created a SAML connection between Qlik Sense and Salesforce; and I am unsure how Qlik Sense will be able to authenticate external users with Section Access since they are not in our AD.

Since I am just a BI dev, the IT infrastructure changes that need to be made in order to complete this project is very foreign to me.

Based on my research and (very limited) infrastructural technical knowledge, I have determined that these are following steps that our organization will have to take in order to make this project a reality:

  1. Re-deploy Qlik Sense Production server and application into DMZ network
    1. Reference: Qlik Sense deployment in a DMZ Environment
  2. Create SAML connection between Qlik Sense and Salesforce
    1. Reference: Video Link : 3605
  3. Write Section Access script to authenticate customers using Salesforce login information (communicated to Qlik???)
    1. This part I am very fuzzy on as I have no idea how Qlik will be able to authenticate a user coming from outside our network

Does anybody know if I am on the right track here? I would really appreciate any sort of feedback or examples of proof of concept so that I can begin communicating with our Infrastructure, Salesforce and Mid-range teams.

As always, thank you for your feedback and help.

1,072 Views
1 Reply
Vincenzo_Esposito
Employee
Employee
‎2018-06-27 04:22 AM

Hi Gary,

there is a bit of confusion. Qlik Sense does not make any authentication (check whether a user is what he/she claims to be, based often on a secret). Authentication is made by an identity provider, Salesforce in your case. Qlik just does authorization, it gives roles, rights on objects and visibility on data. It uses Security rules for roles and rights and Section access to restrict the data users can actually access.

The sync happens thanks to the UDC (User Directory Connector). Qlik need set up with some kind of user directory (usually AD or LDAP, but even custom user lists are supported) and assigns internal roles to those users based on user attributes. The authentication phase check if the users are what they assert to be and than link them to the UDC users.

In your case Salesforce is the Identity Provider and Qlik can use it through the SAML integration. You also need to import users from a user directory and assign them roles and rights in Qlik Sense. The authentication phase link the user identified by Salesforce with the user configured in Qlik Sense.

Hope this help

918 Views