Hi all,

We are using Qlik Sense Enterprise on Windows, and currently have a mashup hosted on devqlik.our-domain.com which is in the same environment as our Qlik Sense deployment. Users successfully authenticate via Okta and access the mashup without any issues.

Our current task is to integrate the same mashup into another portal hosted on a different domain — for example, external-portal.com. We created a simple test.html file that includes:

<script src="https://devqlik.our-domain.com/okta/resources/assets/external/requirejs/require.js"></script>

(other resources like

qlik-styles.css

behind Okta are also referenced.)

While we are logged into Okta in a separate browser tab, accessing external-portal.com/test.html fails to load require.js from devqlik.our-domain.com. The browser DevTools show a 302 Found redirect to an Okta SSO endpoint (e.g., Location: ...okta.com/.../sso/saml?SAMLRequest=...).

This suggests the request is being redirected for authentication, despite the existing Okta session and valid cookies being present in the browser.

Question:
Is this behavior expected? Could this be due to client-side cross-domain restrictions (e.g., third-party cookies or CORS), or is it likely a server-side configuration issue? Our back-end engineer mentioned that our host has been added to the list of allowed hosts.

Additional context:

• This is the first phase of our integration. The final goal is to embed and load Qlik reports seamlessly, without requiring Okta authentication — potentially via ticket-based authentication.

• The external portal (external-portal.com) currently uses Keycloak for user authentication.

I’d appreciate any guidance on whether this issue lies on the client or server side, and any suggestions for how to move toward a seamless integration using ticket authentication or other approaches.

Any insights or similar experiences would be greatly appreciated.

Thanks!