What Authentication method is best for multiple external client groups?
I've researched the different methods for external authentication to our on-prem server, but am wondering which method I should explore that might make the most sense for our situation:

1. Only a few local users from our own company (AD) - access via built-in Windows Authentication
2. Users from external clients A, B, C... (approx. 5-15 users per client)

For now, we only have one external client, so I've come to the conclusion that the easiest and quickest way is to add these 5-15 users to our internal AD in a special group and simply have them authenticated via the built-in Windows auth.
In the future, we may have more clients, as we build dashboards with our data but specific to each client. In that case, continuing to add to our AD may not be possible. And we could run into a client that requires access for hundreds of users.
In that case, it appears we could use an IdP with SAML, or design some sort of app that will provide JWT/ticket. This obviously seems like a huge effort. Big enough that I'm considering just flipping over to Qlik Sense Cloud to allow Qlik to handle the authentication.
Has anyone encountered this type of setup and has any suggestions for external IdP or module that can be configured to maintain login information for many external users? Is Qlik Cloud a legitimate solution to this setup?
Different approaches would need different kinds of effort here:
- SAML or OIDC -> You can allow your customer to bring their own Identity Provider with their users, but you need to set up the virtual proxy and security rules accordingly for them.
- Ticket or JWT -> You would need to create your own authentication portal where users can register/login before getting to Qlik Sense, in a similar way that they have to register a QlikID when they want to use Qlik Sense Cloud.
There are also some security rule implications here, but it can be done in a more dynamic way than with SAML/OIDC, as you have better control over the attributes assigned to the user once they're registered, since it's your own authentication portal.
As far as I am aware, the Ticket/JWT solution is the most used by Qlik OEM customers as it offers better control.
Hope that helps.
If the issue is solved please mark the answer with Accept as Solution.
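
The Ticket/JWT approach from the answer above, as an added example (not part of the original thread and not Qlik's code): a portal signs a short-lived RS256 token carrying the user, a per-client user directory and group attributes, and the verifier pins the algorithm and checks signature and expiry. The claim names `userId`, `userDirectory` and `groups`, the sample user and the throwaway key pair are assumptions; the real claim names are whatever the virtual proxy's JWT settings are configured to read.

```javascript
const crypto = require('crypto');

// base64url without relying on the newer 'base64url' Buffer encoding
const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (str) => Buffer.from(str, 'base64'); // Node accepts the URL-safe alphabet

// Portal side: mint a token for a user the portal has already authenticated.
// Claim names are assumptions and must match the virtual proxy configuration.
function issueToken(privateKey, user, ttlSeconds = 60, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    userId: user.id,
    userDirectory: user.client, // one directory per external client
    groups: user.groups,        // attributes that security rules can key on
    iat: now,
    exp: now + ttlSeconds,      // short lifetime limits replay of a leaked token
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${b64url(sig)}`;
}

// Verifier side: the checks a consumer of the token is expected to make.
function verifyToken(publicKey, token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, fromB64url(s));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(fromB64url(p).toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('expired');
  return payload;
}

// Constructed sample data: throwaway key pair and a made-up user.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleUser = { id: 'jdoe', client: 'CLIENT_A', groups: ['ClientA_Viewers'] };
const sampleToken = issueToken(privateKey, sampleUser);
```

Only the public half of the key pair is needed on the verifying side; the private key stays with the portal.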