Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
M_B
Contributor III
Contributor III

How can I implement SAML AD FS 2FA with Qlik Sense without redirecting to IDP?

Hello,

I have been asked to implement 2FA to our external Qlik Sense link (running May 2024 Patch 4 if it matters). While I have finished this task with the help of the company responsible for the 2FA software, an issue remains where the Qlik Sense link redirects to the 2FA machine. Of course since that machine is not made public, it is impossible to log in. It does work internally.

I am trying to find out if there is a way to keep the log in dialog box to be provided by the Qlik Sense server, while it communicates in the back-end with the 2FA server. I have not worked with API's before but if I can get some pointers on who to ask or who is to implement this then I can get the ball moving again. Everyone who is involved in this chain (network, security, etc) says it is not from their side.

Thanks in advance.

Labels (2)
1 Solution

Accepted Solutions
M_B
Contributor III
Contributor III
Author

I have been searching for quite a while now and it seems the only way to add an OTP or authenticator is through SAML for the time being (if there are other methods, I am not aware of them). Qlik support recommended contacting professional services so they might have a way. Our IT guys said they'll put the finishing touches to the solution since it is 90% ready.

I hope Qlik can add native support for authenticators with Client-Managed installations.

View solution in original post

3 Replies
M_B
Contributor III
Contributor III
Author

Hello @Ray_Strother,

I have used the following links to already set up MFA:

The problem is not how to set up MFA, I already did it through SAML AD FS. The problem I am facing (if you could carefully read the post) is about the behavior of the authentication method.

If I enter https://qliksense.companysite.com in the address bar I am redirected to https://SAMLMachineName.companysite.com . Internally, this works without a problem. Externally, <------(this here is the issue) it does not work because the SAML server is not made public with a DNS name. I am asking: Is there a way to not redirect and pass the log in box from and within Qlik Sense to the user. I do not want the login page to change. I want the users to remain at https://qliksense.companysite.com and be served the login request from https://SAMLMachineName.companysite.com through the back-end. If possible. If not, maybe I can switch to OIDC if it can serve this purpose.

M_B
Contributor III
Contributor III
Author

I have been searching for quite a while now and it seems the only way to add an OTP or authenticator is through SAML for the time being (if there are other methods, I am not aware of them). Qlik support recommended contacting professional services so they might have a way. Our IT guys said they'll put the finishing touches to the solution since it is 90% ready.

I hope Qlik can add native support for authenticators with Client-Managed installations.