Unfortunately it seems iframes do not pass NTLM credentials so I need a way to pass the current userID to Qlik so that the correct user token is used.
I tried the anonymous route with login passes but iframes lose the session so 1 person refreshing the page can max out all the passes *rollseyes*