Indeed, authenticating against an internal server is a bad idea. In the past, authenticating against cloud.qlik.com was OK, because you only needed Internet. Now you need a VPN, exposing your corporate in-house server to Internet, etc.

I would highly recommend eliminating the need for communication between Qlik Sense Desktop and the Qlik Sense Enterprise server.

A token is a great compromise (no need for connection between servers, works offline, dies after a while) and honestly, you are already paying a very expensive licence for the in-house server. I don't think Qlik should make things so difficult so people in an organisation cannot benefit from the licences they already have.

I support this initiative 100%.

Hello @stamos2000,

Thanks for your idea. Going forward, please use one, and only one, label per post. Please refer to the submission guidelines for more details.

To be honest, as per your requirements I think this behaviour is already working.

Please refer to this KB article: https://support.qlik.com/articles/000097399

1. Before you can start using Qlik Sense Desktop, you need to authenticate yourself either with your Qlik Account or against a Qlik Sense Enterprise server. You need to have a working network connection to enable authentication.
2. After you have been authenticated once, internet access is not required to continue using Qlik Sense Desktop. However, you have to re-authenticate yourself if ten days have passed since you last authenticated, if you have logged out, or if your administrator has revoked your user access for Qlik Sense Enterprise server. If you are using SAML authentication and close the browser, the session ends and the cookie is deleted so you must re-authenticate yourself to start a new session.

I tried with QS Desktop June 2020 Patch 1 and for me this is still the working behaviour.
Anyway, I recall that in previous releases if you were connected to the same network as your QS Enterprise, authentication would be required again (even if you authenticated against QS Enterprise a few minutes ago).

In case you're working with QS SaaS (Enterprise/Business) or with the Mobile apps (Android/iOS/...), then you'll need to authenticate yourself each time as far as I know.

I hope this helps,
Riccardo

Dear @rzenere_avvale,

What is being asked here is to be able to authenticate using a TOKEN generated in the Qlik Sense Enterprise server WITHOUT needing Qlik Sense Desktop (QDS) to connecto to the server. The current scheme requires connection between QSD and Qlik Sense Enterprise (QSE).

E.g: I go to my enterprise server, click on a button and generate a token (a big string representing a signed token valid for 1 week) that I can then copy and paste into Qlik Sense Desktop. No connection needed between the QSD machine and the QSE server.

This way, employees from companies that don't allow installing QSD on corporate computers could use QSD in their personal machines, for work purposes (because these organisations also don't allow you to connect to the internal network from a non-corporate computer). Also, some organisations work with very sensitive data and computers must be disconnected from any kind of network while dealing with such data. In this case, QSD would be ideal but then also the current authentication based on links and connections to QSE would not work.

We are already paying for the licence, which is not cheap. Would it really be so difficult to implement an alternative authentication mechanism?

I hope this clarifies a bit what is being asked.

Regards,

Celso.

I think what is asked here also applies to a significant percentage of users that use qlik sense desktop and whose company/organization for whatever reason does not / cannot expose their qlik sense server in the internet. 

All these users are now left out of having the advantage to use qsd since they cannot authenticate. The token method suggested in the original post can provide a solution to the problem and sounds like the most appropriate fit as it would satisfy all of the following:

• practicality
• ease of implementation
• security
• keeping qlik sense  customer and user base  "happy" 

Dear @qlikerman, this is exactly our case. We have a QAP exposed to the Internet but not the Qlik Enterprise server.

All of us were left hanging by Qlik and I think there should be a solution for it. The signed token seemed to me like a good idea because it eliminates the need for connection between QSD and QSE server.

Thank you for supporting this initiative. Don't forget to "Like" it.

BTW, what we are asking is exactly the same approach Qlik is using to provide Qlik Sense Desktop to developers (Qlik Branch) using an "unlock file". We would like to be able to generate "unlock files" with our Qlik Sense Enterprise server so they are valid for a limited period of time, without requiring any connection to the server.

This idea is really good. Looking forward to it.

Authentications on Qlik Sense Desktop can be used for 30 days in offline mode

Hi @Caique_Zaniolo I may have understood the feature differently then. I thought this was meant for those Qlik Sense Enterpises behind a firewall or VPN where the Qlik Sense Desktop can't reach (not even once).

I see the status marked as delivered. @cjgorrin were you referring to make the authentications last longer or eliminating the need to reach the QSE completely?

Thanks!