Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
sootlaj
Contributor
Contributor
‎2020-11-17 08:04 AM

Qlik sense adfs user name and user preconfiguration

Hello

I have two issues at hand, both are concerning ADFS authentication.

1) We have set ADFS authentication and everything is working fine but user name and user id is the same value username@domain.com. Now I would like the user name to be AD Display name, so on adfs I added Display-Name to Common name to the claim rules and also configured an additional SAML attribute mapping for the adfs virtual proxy. In the additional mapping I configured SAML attribute http://schemas.xmlsoap.org/claims/CommonName to QS attribute name and also set it mandatory. I can successfully login but the user name still is the same as user ID, which is basically UPN. Am I doing something wrong?

2) Is it possible to preconfigure ADFS users in QS before they log in first time? It would make user right assignment a lot easier for us.

Labels (4)
Labels
682 Views
0 Likes
1 Reply
Levi_Turner
Employee
Employee
‎2020-11-18 10:23 PM

For (1), you're going to need to change the SAML attribute for userId to the CommonName attribute URL. Like so:

Levi_Turner_0-1605756002910.png

 

For (2), you have two options:

a. Connect to a User Directory (like Windows AD)
b. Use rules and pass along attributes from ADFS

In my example, I am passing groups in the SAML assertion which I can later use in security and/or license rules (https://www.youtube.com/watch?v=h5nBdt969XI). 

Most organizations prefer (a) so you'll want to ensure that the SAML attribute for user directory matches the domain name (in my example I have DOMAIN as the NETBIOS name for my Active Directory domain) and the SAML attribute for user Id matches the user's sAMAccountName. In my example it'd be DOMAIN\levi.

 

649 Views