Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Dec 16, 2022 3:39:38 AM
Dec 16, 2022 3:38:06 AM
By default, Qlik Enterprise Manager uses Single Sign-on through Windows Authentication to authenticate users.
Qlik provides several ways to control the login process:
- Single Sign-on authentication
- Single Sign-on authentication with Kerberos
- Form Authentication
- SAML authentication
In this document, we demonstrate the use of the two most commonly used authentication methods:
- Single Sign-on authentication
- Form Authentication
Controlling the way the users log in to Qlik Enterprise Manager can be done via the Qlik Enterprise Manager Command Line Interface.
All commands in this section should be Run as administrator... from the Qlik Enterprise Manager bin directory. The default location is C:\Program Files\Attunity\Enterprise Manager\bin.
When the Qlik Enterprise Manager data folder is in a non-default location (such as in a cluster installation), make sure to include the --d data_folder parameter in all commands, where data_folder is the location of the data folder.
The parameter should immediately follow the name of the Qlik Enterprise Manager executable file (e.g. aemctl --d f:\mydatafolder {command} {parameters})
Changes to the authentication method will take effect only after you restart the Qlik Enterprise Manager service.
If Form authentication is used, all Login/Logout operations are reported to the Audit Trail.
Windows Authentication
By default, Qlik Enterprise Manager uses Single Sign-on through Windows Authentication to authenticate users.
When a user accesses the Qlik Enterprise Management URL, they are automatically authenticated as their logged-in Windows user. No prompt is provided and the Qlik Enterprise Manager main screen opens:
Form Authentication
You may prefer to have users interactively log in to Qlik Enterprise Manager. This can be configured in the command line interface.
All commands in this section should be Run as administrator... from the Qlik Enterprise Manager bin directory. The default location is C:\Program Files\Attunity\Enterprise Manager\bin.
When the Qlik Enterprise Manager data folder is in a non-default location (such as in a cluster installation), make sure to include the --d data_folder parameter in all commands, where data_folder is the location of the data folder.
To enable form authentication:
- Open a command line as an administrator in the correct directory and run:
aemctl.exe configuration set --authentication_method form
Example: - Verify the response:
- Restart the Qlik Enterprise Manager service.
- After the restart, users will be presented with the following screen:
Configure user session inactivity timeout
If you like to close the user’s session after a set time of inactivity, you can set a user timeout in the command line.
- As per above, navigate to the correct directory and execute:
aemctl.exe configuration set --authentication_method form --user_timeout 2 - Verify the response:
- Restart the Qlik Enterprise Manager service.
- The user will be notified about the session expiration:
Specify the Active Directory domain
You can specify an Active Directory domain name that will be used when a user logs in. This means the user does not have to supply the domain name and can log in using only their username.
- As per above, navigate to the correct directory and execute:
aemctl.exe configuration set --authentication_method form --domain DomainName - Verify the response:
- Restart the Qlik Enterprise Manager service.
- The user can log in with his user mane and password only:
Reverting back to using the default Windows Authentication
You can revert to using Single-Sign at any time using the command line.
- As per above, navigate to the correct directory and execute:
aemctl.exe configuration set --authentication_method sso - Verify the response:
- Restart the Qlik Enterprise Manager service.
- Users are now once again automatically logged in with their Windows users:
Environment
Qlik Enterprise Manager (all versions)
