Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
thomasmaure
Luminary Alumni
Luminary Alumni
‎2018-10-24 03:36 AM

Multiple User Directories and UDC synchro

Hi ,

I have a question regarding User setup and UDC synchro in a Qlik environment with multiple authentication and User Directories.

I have a first authentication with Corporate Active Directory for employees . User are part of User directory COMPANYDOM

I have a second authentication through SAML for external customers. Users are part of user directory CUSTOMERSAML 

For employees, I would like to setup UDC synchro to get all groups from AD , but I am worried this could 'inactivate' all external customers as they are obviously not in the AD...

I imagine UDC synchro for a specific User Directory should not impact users from another User directory , but if my assumption is wrong I could block all external customers on the Staging phase, so before I start to a trial I would prefer to have an idea of what's going to happen...

If someone could give me the official point of view, this would be helpful 

Regards

Thomas

964 Views
0 Likes
2 Replies
ToniKautto
Employee
Employee
‎2019-02-16 08:27 PM

UDC retrieves attributes for users from a particular user directory. The definition of a user directory is essentially the domain name that is associated with the user identity inside Qlik Sense.
In your case you apply a UDC to sync the internal users from you AD. The synced details will only be applied on users belonging to that specific directory.

UDC does not add any value for users authenticated through SAML. User attributes are retrieved form the SAML assertion during authentication, which means the attributes only persist during the session life and you will never see these in QMC user list. So you should never setup a UDC for SAML based user directories.

For troubleshooting you can expose the received attributes through proxy logs as describe in this Qlik Support article.
https://support.qlik.com/articles/Basic/Security-Rules-Fail-For-SSO-SAML-Users-and-The-Group-or-Othe...
908 Views
0 Likes