Qlik Community

Ideas

Vote for your favorite Qlik product ideas and add your own suggestions.

Temporary access pass for QSD authentication

Contributor II
Contributor II

Temporary access pass for QSD authentication

Starting 1st of July 2020 Qlik Sense Desktop (QSD) can only be used if authenticated against Qlik Sense Enterprise (QSE) server with user access.
In our organization, the QSE installation is inside the internal network and, because of network policy, it cannot be exposed to public.
Thus, QSD cannot be used outside our network, whereas, we are expressly interested in using it outside our network!
Please note that the use cases in which we can benefit of Qlik Sense Desktop instead of the corporate client-server Qlik are indeed “outside office” situations where the connection to our corporate VPN is difficult or inconvenient.
Sometimes, further than “outside office” we have even “off-line” situations (while travelling, or in countries or contexts without sufficient band, etc..) so that we may just count on a minimal internet availability to authenticate at the beginning.
We are indeed strongly convinced that the new policy of allowing QSD for Qlik Customers makes sense exactly in these kind of situations.
 
Idea: A functionality for generating an offline "token" or "access pass" valid for 1 week on your Qlik Sense Enterprise server and then use this signed token as a way of authentication for QSD without actually having to connect to the Enterprise server. We can say that this is useful for people using QSD in airplanes or with devices that are not able to establish a connection to internal servers of the organisation.
4 Comments
Contributor
Contributor

Indeed, authenticating against an internal server is a bad idea. In the past, authenticating against cloud.qlik.com was OK, because you only needed Internet. Now you need a VPN, exposing your corporate in-house server to Internet, etc.

I would highly recommend eliminating the need for communication between Qlik Sense Desktop and the Qlik Sense Enterprise server.

A token is a great compromise (no need for connection between servers, works offline, dies after a while) and honestly, you are already paying a very expensive licence for the in-house server. I don't think Qlik should make things so difficult so people in an organisation cannot benefit from the licences they already have.

I support this initiative 100%.

Employee
Employee

Hello @stamos2000,

Thanks for your idea. Going forward, please use one, and only one, label per post. Please refer to the submission guidelines for more details.

Partner
Partner

To be honest, as per your requirements I think this behaviour is already working.

Please refer to this KB article: https://support.qlik.com/articles/000097399

  1. Before you can start using Qlik Sense Desktop, you need to authenticate yourself either with your Qlik Account or against a Qlik Sense Enterprise server. You need to have a working network connection to enable authentication.
  2. After you have been authenticated once, internet access is not required to continue using Qlik Sense Desktop. However, you have to re-authenticate yourself if ten days have passed since you last authenticated, if you have logged out, or if your administrator has revoked your user access for Qlik Sense Enterprise server. If you are using SAML authentication and close the browser, the session ends and the cookie is deleted so you must re-authenticate yourself to start a new session.

 

I tried with QS Desktop June 2020 Patch 1 and for me this is still the working behaviour.
Anyway, I recall that in previous releases if you were connected to the same network as your QS Enterprise, authentication would be required again (even if you authenticated against QS Enterprise a few minutes ago).

In case you're working with QS SaaS (Enterprise/Business) or with the Mobile apps (Android/iOS/...), then you'll need to authenticate yourself each time as far as I know.

I hope this helps,
Riccardo

 

Contributor
Contributor

Dear @rzenere,

What is being asked here is to be able to authenticate using a TOKEN generated in the Qlik Sense Enterprise server WITHOUT needing Qlik Sense Desktop (QDS) to connecto to the server. The current scheme requires connection between QSD and Qlik Sense Enterprise (QSE).

E.g: I go to my enterprise server, click on a button and generate a token (a big string representing a signed token valid for 1 week) that I can then copy and paste into Qlik Sense Desktop. No connection needed between the QSD machine and the QSE server.

This way, employees from companies that don't allow installing QSD on corporate computers could use QSD in their personal machines, for work purposes (because these organisations also don't allow you to connect to the internal network from a non-corporate computer). Also, some organisations work with very sensitive data and computers must be disconnected from any kind of network while dealing with such data. In this case, QSD would be ideal but then also the current authentication based on links and connections to QSE would not work.

We are already paying for the licence, which is not cheap. Would it really be so difficult to implement an alternative authentication mechanism?

I hope this clarifies a bit what is being asked.

Regards,

Celso.