Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello community.
Is there a way to allow internal users stored in an AD, to access the Qlik Sense environment from the extranet (i.e. their homes or mobile devices) without using an authentication mechanism leveraging Web Ticketing (or SAML, or HTTP header)?
For example, could we have a landing web page in the DMZ, on which users will click on a url, which will in turn call the Qlik Sense hub page and use automatic windows authentication, by asking users to enter their internal AD credentials?
If yes, is there a document that describes this process?
Thank you.
Gerasimos.
You can use qliksense hub outside network with windows authentication.
Thanks Shraddha.
I am afraid that his will not be possible for reasons such as that having Qlik Sense outside the network (i.e. in the DMZ) would be a security threat, also the AD is located in the internal network, so the QSP (located in the DMZ) needs to reach out to the AD (located in the LAN) in order to do the authentication.
I think that the best approach is the deployment of a Reverse Proxy in the DMZ which is going to re-direct all incoming traffic to an internal Qlik Sense Proxy, which in turn will do the authentication against the AD using Windows Authentication.
Is there any step-by-step document on how to configure Qlik Sense in this kind of scenario (how should the virtual proxy(ies) and the authentication be configured when it will be http header or automatic windows authentication)?
Thanks again.
That's correct.
I didn't come across any step by step documentation. But your network team will be able to help you with this
Once you re-direct the traffic to global ip which will help you to access qliksense hub outside network, you will have to whitelist the ip and hostname in virtual proxy section.