Correct management of sessions between QlikSense a... - Qlik Community

danette · ‎2024-05-13

Hello!

We have QlikSense on prem; at the authentication level, we would like to connect a website where users authenticate using Office365 accounts, to the QlikSense application.

I'll try to explain our need: we have a website; users authenticate with their Office365 accounts. They exists also on QlikSense in the users list because the list is automatically updated every day. I want that when a user log in into the website, he is authenticated also on QlikSense.

How can I accomplish this?

I tried to explore the solutions in the documentation, bot got lost.

Thank you

FabioSanchesRibeiro · ‎2024-05-13

Hello @danette,

I'm not sure if I understood your scenario very well, but I'm imagining that you are wondering if it is possible to authenticate users on Qlik Sense using a Microsoft 365 account (office 365 account).

Yes, it is possible.

Please review the documentation below.

Using OIDC

Qlik Sense for Windows: How to configure OIDC with... - Qlik Community - 1812401

Using SAML

Tutorial: Microsoft Entra SSO integration with Qlik Sense Enterprise Client-Managed - Microsoft Entr...

Kind Regards,

Fábio S. Ribeiro

danette · ‎2024-05-13

Hi!

Thank you for your reply, but I want to do something different.

I have a third party website. Users already authenticate in this website. When they go to a QlikSense application (which is published in another website), how can I make QlikSense understand that the user is already authenticated and that he is for example 'John Smith'? Consider that John Smith also exists as a user in QlikSense users list.

Should I use an api? Should I use cookies?

Thank you

FabioSanchesRibeiro · ‎2024-05-13

Hi @danette,

The only way for Qlik Sense to recognize an external user is by configuring the external website as a Qlik Sense authentication module.
Here is how it works:
https://help.qlik.com/en-US/sense-developer/February2024/Subsystems/ProxyServiceAPI/Content/Sense_Pr...

So in your scenario, you mentioned that the users are authenticated on the system using their O365 account.
In this case, if you configure Qlik Sense to authenticate your users using the Microsoft Entra ID as I explained before.

When an authenticated users try to access the Qlik Sense, he already has a session and a cookie created previously, he just needs to pass them to the virtual proxy configured to validate those users.

danette · ‎2024-11-13

Hi Fabio,

I've done a bit of studying and wanted to check if I understand everything correctly.

Here’s the situation: the user authenticates on the web portal using Microsoft Entra. The web portal itself then performs additional checks (a user can enter the web portal only if they authenticate via Entra and if they are included in the list of allowed users configured on the portal). Only once the user is permitted on the web portal, he can also be authenticated on Qlik Sense.

So, given that a user must authenticate with Entra and also meet custom rules within the web portal, I assume I need to create a virtual proxy on Qlik Sense using the ticket method as Authentication method—correct? I believe I cannot use SAML or OIDC directly with Microsoft Entra because that would bypass the additional checks performed by the web portal.

If I’m correct, I believe I should implement the ticket method and use the Ticket and Session APIs, right? If so, I'm having some difficulty because the documentation I’ve found seems outdated. Is there any updated documentation on how to implement this type of authentication?

Thanks in advance for your help!

Correct management of sessions between QlikSense and third party website

API

Integration