Question:
The help site for Qlik Sense Enterprise for Windows mentions, among the characteristics of a multi-cloud deployment, "an identity provider that supports OIDC and SAML to integrate user authentication between on-premises and cloud, or a local bearer token".
What is the difference between the two options?
Environment:
Answer:
While it's not necessary to have an identity provider (check the Multi-Cloud FAQ for more details), that is the recommended option for having a fully integrated set-up, where users are shared between the on-premise and SaaS environments.
Here are the main differences:
- Identity Provider (IdP)
- no duplicated users, which means that one person will only consume one license allocation
- a central repository for all users, integrated between environments
- it requires getting the service from a third party (generally at a cost) and implementing a solution
- Local Bearer Token
- can be used immediately, without having an Identity Provider
- easy setup
- separate set of user repositories. Typically: Active Directory for on-premise access and QlikID for SaaS access*
- the same person will use two license allocations when accessing SaaS and on-premise applications
* For some companies this might actually be a preferred choice (e.g.: granting SaaS access to external users authenticating with QlikID, and keeping the on premise version for internal ones on AD)
