Steps in QMC:
- Create new Virtual Proxy
Identification
Name: Azure
Prefix: azure
Session inactivy timeout: 30
Session cookiename: X-Qlik-Session-Azure
Authentication
Anonymous access mode: No anonymous user
Authentication method: SAML
SAML Host URI: https://your-qliksense-server.domain.tld/
SAML Entity Id: https://your-qliksense-server.domain.tld/azure/
SAML IdP Metadata: (comes next, after creating application in Azure AD)
SAML attribute for user ID: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
SAML attribute for user directory: [Azure]
SAML signing algorithm: SHA-1
Load balancing
Add your Proxy here.
Steps in Azure:
- Login to Azure old portal at https://manage.windowsazure.com/
- Navigate to your Azure Active Directory, select Applications
- Add an application. Choose "Add an application my organization is developing".
- Give it a name, choose "WEB APPLICATION AND/OR WEB API".
- Sign-on url: https://your-qliksense-server.domain.tld/azure/, app id uri can be the same uri.
- Configure application, add Reply URL https://your-qliksense-server.domain.tld/azure/samlauthn/
- Click View endpoints in the bar on the bottom.
- Navigate to your FEDERATION METADATA DOCUMENT Url, e.g. https://login.microsoftonline.com/<your-tenant-id>/federationmetadata/2007-06/federationmetadata.xml. Download that document to your computer.
Step back in QMC:
- Upload metadata XML in your Virtual Proxy, field SAML IdP Metadata.
Navigate in a new private window of your browser to https://your-qliksense-server.domain.tld/azure/. You should be redirected to https://login.microsoftonline.com/<your-tenant-id>/saml2?<long-querystring>. After entering your Azure credentials here you should be redirected back to Qlik Sense. You might get a QS access error (the nice one) due to a missing license. The user should be visible in QMC.
.png "Luminary Alumni"){kind=icon}
