Skip to main content
Announcements
Customer Spotlight: Discover what’s possible with embedded analytics Oct. 16 at 10:00 AM ET: REGISTER NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
biowan-ch
Contributor
Contributor

Multi AD domain authentication

Hi all,

I'm newbie in Qlik Sense.
With our server, we installed Qlik Sense with a Windows AD domain, authentication with Analyzer access allocations users work fine.

Now, we must add second domain users. I can configure the connector and I can have the second domain user in the User list. I assigned new users in the Analyzer access allocations too. But the authentication is not possible. In the log file QLIK_Audit_Proxy.txt, I get only "Login: failed. 0 Second_domain Username".

Thank you for your help.
b

Labels (3)
2 Solutions

Accepted Solutions
Bastien_Laugiero

Hello,

Yes the problem will be the same with Generic LDAP I am afraid. 

The only way I can think of without enabling trust between the domains is to implement SAML Authentication with ADFS.

Here is some documentation about it: https://help.qlik.com/en-US/sense/April2019/Subsystems/ManagementConsole/Content/Sense_QMC/SAML-conf...

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.

View solution in original post

Giuseppe_Novello

Like Bastien replied, the problem is not by adding the UDC in QMC, becuase adding UDC is not for authentication purposes. Qlik Sense does not perform the authentication, it is done by windows or any IDP of your choice. If your hosting service AD cannot access/trust the secondary AD, there won't be a way to validate the end user and as result and login failure. 

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik

View solution in original post

6 Replies
Giuseppe_Novello

You have to make sure that there trust AD relationship between the AD that the hosting server is on and the the new AD. If there's none, then Windows Auth won't be able to validate the user, which include authenticate them. . Go to Windows event logs > security, look for any errors. 

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
biowan-ch
Contributor
Contributor
Author

Hi Gio,

Thank you for your reply.

Unfortunately, we cannot trust the domains, not technical reason, but the political reason. So.

Can you tell me it will be same if I use the Generic LDAP connector ?

Many thanks for your help.
b

Bastien_Laugiero

Hello,

Yes the problem will be the same with Generic LDAP I am afraid. 

The only way I can think of without enabling trust between the domains is to implement SAML Authentication with ADFS.

Here is some documentation about it: https://help.qlik.com/en-US/sense/April2019/Subsystems/ManagementConsole/Content/Sense_QMC/SAML-conf...

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.
Giuseppe_Novello

Like Bastien replied, the problem is not by adding the UDC in QMC, becuase adding UDC is not for authentication purposes. Qlik Sense does not perform the authentication, it is done by windows or any IDP of your choice. If your hosting service AD cannot access/trust the secondary AD, there won't be a way to validate the end user and as result and login failure. 

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
jamshed07
Partner - Contributor III
Partner - Contributor III

We are facing same issue, we need to configure two different domain users, DOMAIN A and DOMAIN B. There is no trust between forest’s  DOMAIN A and DOMAIN B. We create two LDAP connection it's showing the user from both domain. But Login by user from DOMAIN A is working while Login by DOMAIN B user get failed.

jamshed07
Partner - Contributor III
Partner - Contributor III

@Bastien_Laugiero  

We have one login page(F5) for user authentication, it's just need user name and password for our default proxy it's working fine. Now we have requirement to add another domain user(DOMAIN B) and there is no trust. Suppose what you suggesting to implement SAML Authentication with ADFS is done than at what page default proxy user(DOMAIN A) will login ? and how to redirect for SAML(second domain(DOMAIN B).