GOKULAKANNAN
Creator II

Can we have two IdPs active at the same time in Qlik Cloud?

Hi Team, 

I am trying to implement SAML through ForgeRock in my Qlik Cloud. While implementing, when I enabled the SAML IdP, it allows all the users to log in through the IdP portal; if it's disabled, then it navigates to the Qlik portal for authentication. The problem is that when it's enabled, the users who don't have access to the IdP portal but have access to Qlik are not able to log in, since it's redirecting to the IdP portal. Is there any way to resolve this? I think only one IdP can be active in a tenant, but is there a way to have an Azure-based IdP and ForgeRock at the same time, i.e. users who have access to the IdP can log in through it, and the rest can log in through Qlik?


Accepted Solutions
eyalnir_qlik
Partner - Creator

Hi,

You're right in noting that currently Qlik Cloud supports only one active IdP per tenant. Once SAML is enabled and configured (e.g., with ForgeRock), all authentication requests are redirected through that IdP — and there's no native fallback mechanism to Qlik's own login or an alternative IdP like Azure AD.

If some users shouldn't authenticate via ForgeRock, but still need access, you might want to consider the following workaround:

  • Federation at the IdP level: You can configure ForgeRock (or Azure, depending on which one acts as the main entry point) to route users internally based on attributes like email domain or group membership. This way, you still have only one IdP configured in Qlik Cloud, but internally, users are directed to the correct authentication flow.

  • Another (more complex) option would be to split users into separate Qlik Cloud tenants, each with its own IdP, though this comes with its own set of limitations and overhead.

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Cloud-and-multiple-IdPs/ta-p/1778...
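
A sketch of the routing decision behind the "federation at the IdP level" workaround in the answer above, added here as an illustration; it is not code from the post, Qlik or ForgeRock. The domains, group name and flow names are constructed placeholders, and it covers only the routing logic (including the check that the identity returned by a flow belongs to that flow), not SAML message handling.

```python
# Added illustration: home-realm routing inside the single broker IdP.
# Every domain, group and flow name below is a constructed placeholder.
ROUTES = {
    "corp.example": "forgerock-local",     # users held in the broker itself
    "partner.example": "azure-upstream",   # users federated to a second IdP
}
GROUP_OVERRIDES = {"contractors": "azure-upstream"}  # group beats domain


class RoutingError(ValueError):
    """No flow may be selected; the caller must deny the login."""


def email_domain(identifier: str) -> str:
    """Return the lower-cased domain of a login identifier, or raise."""
    local, sep, domain = identifier.strip().rpartition("@")
    if not sep or not local or "@" in local or not domain:
        raise RoutingError("malformed login identifier")
    return domain.lower().rstrip(".")


def select_flow(identifier: str, groups=()) -> str:
    """Pick the authentication flow for a user, failing closed."""
    for group in groups:
        if group in GROUP_OVERRIDES:
            return GROUP_OVERRIDES[group]
    domain = email_domain(identifier)
    # Exact match only: a suffix test would also accept "evilcorp.example".
    if domain not in ROUTES:
        raise RoutingError(f"no flow configured for domain {domain!r}")
    return ROUTES[domain]


def accept_assertion(flow: str, asserted_email: str, groups=()) -> bool:
    """After login, re-run routing on the asserted identity and require
    that it maps to the flow that actually authenticated the user."""
    try:
        return select_flow(asserted_email, groups) == flow
    except RoutingError:
        return False
```

The second check matters because the service provider sees only the broker: without it, whichever upstream flow a user came through could vouch for an address in a domain that another flow is responsible for.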

