Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
ALERT: QlikView server communication interruptions following Microsoft Windows Domain Controller security updates

MAM configuration for Qlik Analytics mobile app with Intune

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Andrew_Kruger
Employee
Employee

MAM configuration for Qlik Analytics mobile app with Intune

Last Update:

Jun 1, 2026 7:37:59 AM

Updated By:

Sonja_Bauernfeind

Created date:

Jun 1, 2026 7:37:59 AM

This article documents an example of how to configure MAM control of the Qlik Analytics Mobile app

The example is provided as is. Qlik does not offer guidance on configuring Entra Conditional Access policies or broader Intune deployments. For those details, see Learn about Conditional Access and Intune in the Microsoft documentation.

As per Securing and configuring the Qlik Analytics mobile app with Microsoft Intune and the section titled Conditional Access scope considerations, the authentication flow for the mobile app follows the Qlik Cloud IDP OIDC progression.

The pattern and steps outlined in this article are the working example Qlik used in verification testing of the Conditional Access control for the Qlik Analytics mobile app policy deployment. Your own policy and configuration definitions may vary, and Microsoft documentation or support should be contacted for further help that is specific to your Entra and Intune environments.

  1. Identify the IDP App Registration:

    1. Navigate to Entra ID → App registrations
    2. Locate the OIDC IDP app registration and note the Application (client) ID
    3. Confirm this is the client ID presenting itself during the OIDC browser redirect

  2. Modify Existing All Cloud Apps Policy
    1. Navigate to Protection  Conditional Access  Policies
    2. Open the existing All Cloud Apps policy
    3. Go to Cloud apps or actions  Exclude and add the IDP app registration client ID
    4. In Conditions  Device platforms: Any device
    5. In Conditions → Client apps: Browser + Mobile apps and desktop clients
    6. Grant access: Require device to be marked as compliant
    7. Save and set to Report-only at first

  3. Create a new Targeted Policy for IDP Registration
    1. Create a new CA policy
    2. Set Users to the same scope as the existing policy
    3. Set Cloud apps to include IDP app registration only
    4. In Conditions  Device platforms: iOS, Android, macOS, Linux
    5. In Conditions  Client apps: Browser + Mobile apps and desktop clients
    6. Grant access: Require multifactor authentication (MFA)
    7. Set to Report-only at first

  4. Validate in Report-Only before enabling

    1. Navigate to Sign-in logs
    2. Attempt the auth flow on a test device
    3. Check the sign-in log entry for the OIDC redirect leg
    4. Confirm report-only shows that the existing policy (Step 2) would have passed for a compliant device excluded
    5. Confirm report-only shows that the new policy (Step 3) would have passed for MFA on Authentication via Authenticator
    6. Once both are confirmed, switch both policies to enabled

On the test device:

  1. Clear app session state and OIDC tokens
  2. Re-attempt the full auth flow end-to-end
  3. Confirm OIDC leg completes → local token issued -> on Authentication via Authenticator
  4. Confirm MSAL leg completes → MAM policy on device confirmed
  5. Confirm Qlik Analytics loads successfully

 

 

Environment

  • Qlik Cloud
  • Qlik Analytics mobile with Intune
Labels (1)
Labels:
38 Views
Was this article helpful? Yes No
Version history
Last update:
9 hours ago
Updated by:
Digital Support