Qlik Community

Ask a Question

Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

Announcements
LINKEDIN LIVE: Democratizing data to enhance customer-centricity. JULY 29TH REGISTER TODAY
cancel
Showing results for 
Search instead for 
Did you mean: 
biowan-ch
Contributor
Contributor

Multi AD domain authentication

Hi all,

I'm newbie in Qlik Sense.
With our server, we installed Qlik Sense with a Windows AD domain, authentication with Analyzer access allocations users work fine.

Now, we must add second domain users. I can configure the connector and I can have the second domain user in the User list. I assigned new users in the Analyzer access allocations too. But the authentication is not possible. In the log file QLIK_Audit_Proxy.txt, I get only "Login: failed. 0 Second_domain Username".

Thank you for your help.
b

Labels (3)
2 Solutions

Accepted Solutions
Bastien_Laugiero

Hello,

Yes the problem will be the same with Generic LDAP I am afraid. 

The only way I can think of without enabling trust between the domains is to implement SAML Authentication with ADFS.

Here is some documentation about it: https://help.qlik.com/en-US/sense/April2019/Subsystems/ManagementConsole/Content/Sense_QMC/SAML-conf...

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.

View solution in original post

Giuseppe_Novello

Like Bastien replied, the problem is not by adding the UDC in QMC, becuase adding UDC is not for authentication purposes. Qlik Sense does not perform the authentication, it is done by windows or any IDP of your choice. If your hosting service AD cannot access/trust the secondary AD, there won't be a way to validate the end user and as result and login failure. 

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik

View solution in original post

4 Replies
Giuseppe_Novello

You have to make sure that there trust AD relationship between the AD that the hosting server is on and the the new AD. If there's none, then Windows Auth won't be able to validate the user, which include authenticate them. . Go to Windows event logs > security, look for any errors. 

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik
biowan-ch
Contributor
Contributor
Author

Hi Gio,

Thank you for your reply.

Unfortunately, we cannot trust the domains, not technical reason, but the political reason. So.

Can you tell me it will be same if I use the Generic LDAP connector ?

Many thanks for your help.
b

Bastien_Laugiero

Hello,

Yes the problem will be the same with Generic LDAP I am afraid. 

The only way I can think of without enabling trust between the domains is to implement SAML Authentication with ADFS.

Here is some documentation about it: https://help.qlik.com/en-US/sense/April2019/Subsystems/ManagementConsole/Content/Sense_QMC/SAML-conf...

Hope this helps!

Bastien Laugiero
If a post helps to resolve your issue, please mark the appropriate replies as CORRECT.

View solution in original post

Giuseppe_Novello

Like Bastien replied, the problem is not by adding the UDC in QMC, becuase adding UDC is not for authentication purposes. Qlik Sense does not perform the authentication, it is done by windows or any IDP of your choice. If your hosting service AD cannot access/trust the secondary AD, there won't be a way to validate the end user and as result and login failure. 

 

BR

Gio

Giuseppe Novello
Principal Technical Support Engineer @ Qlik

View solution in original post