Qlik Community

Ask a Question

Knowledge Base

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
Live chat with experts, bring your API Integration questions. June 15th, 10 AM ET. REGISTER TODAY

How to configure Qlik Sense access from external network/ internet

Sonja_Bauernfeind
Digital Support
Digital Support

How to configure Qlik Sense access from external network/ internet

When allowing external access to Qlik Sense, there are a handful of configuration steps needed on the server infrastructure to facilitate external access and potentially configuration steps needed on Qlik Sense itself.

For external access, the key questions are:

  1. What URL do you want users to use to access Qlik Sense? (e.g. https://ServerName.company.com vs. https://analytics.company.com)
  2. What type of authentication do you anticipate these external users to use?
  3. What kind of devices will those external users use? Do we need to have a third party certificate for seamless user access over HTTPS?

If you require more detailed assistance with your specific implementation, consider engaging with our active community or obtaining a direct engagement with our Consulting Services.  

 

Environment:

Qlik Sense Enterprise on Windows 

 

Resolution

 

Routing & URL configuration:

Regarding (1), the main actionable steps are:

  1. If you want a friendly name for external (or internal) users, then you will  need to follow up with your infrastructure / networking team to setup an appropriate DNS alias.
    1. If you to use a DNS alias then be sure to adjust the Virtual Proxy Whitelist for all Virtual Proxies which will be used by external users. See Error Message "An error occurred" When Connecting To Qlik Sense Hub for a walk through on how to adjust the Virtual Proxy Whitelist. In brief QMC > Virtual Proxies > Edit > Advanced > Host white list > Enter the DNS alias (e.g. analytics.company.com)
    2. There is no need to place the protocol prefix. So analytics.company.com is preferable over https://analytics.company.com
    3. Do remember this setting is on a per-virtual proxy basis. If you have multiple modes of authentication externally then this will be needed.
  2. Any and all browsers, network devices, and network appliances are required to support HTML5 WebSockets: ref How To Check If The Browser Works With WebSockets 
  3. Independent of the use of a DNS alias, you need to ensure that the appropriate ports are accessible externally.
    1. It is not uncommon for organizations to require that external users either access a server in a DMZ or to use a reverse proxy / network load balancer or other networking appliance at the edge of the network to allow users to access internal resources.
    2. Whether this is required or not is a question for the organization's infrastructure /  networking team.

 

Port Requirements:

In order to determine which port(s) need to be accessible, the administrator needs to verify against the available ports list for the deployed Qlik Sense version. 

See the Qlik Sense for administrators Help > Qlik Sense Enterprise on Windows Architecture > Ports for details. 

SSL Certificates:

After determining the entry point at step 1 (DNS alias vs. servername), the administrator needs to determine what sort of SSL certificate is required.

  1. Do note that iOS devices have a restrictive list of third party certificates which are trusted by Apple. See iOS devices cannot open QlikSense Apps on the HUB for a link to the Apple KB which outlines which vendors are trusted on iOS devices
  2. For Per App VPN issues (iOS 13.3 and lower), see App Based VPN Solution (AirWatch / MobileIron and more) with Qlik Sense
  3. Do note that certain browsers require additional attributes to be on the SSL certificate. See Chrome 58+ and SSL Certificates for a Chrome specific requirement of Subject Alternative Names
  4. After determining any requirements for the SSL certificate from the above bullet points, they need to follow up internally with their security / certificate resources to determine the steps for generating a CSR to request a certificate from third party certificate vendor.
Version history
Revision #:
2 of 2
Last update:
‎2021-05-07 10:22 AM
Updated by:
 
Contributors