This article explains how to set up a dynamic domain name (User Directory in Qlik Sense) based on an ADFS claim description.
This can be useful if you have users from several different domains that are logging in to Qlik Sense through ADFS.
This assumes you have already set up ADFS correctly with Qlik Sense with a static User Directory.
Resolution:
In ADFS, in claim descriptions, choose "Add Claim Description"
Create a new claim with a name and claim type of your choice. Claim type must have the below format.
In Relying Party Trusts, choose the Reying party trust created for Qlik Sense and in the right pane, choose "Edit Claim Rules"
In the existing claim rule, make sure to include SAM-Account-Name:
Create a second rule based on template "Send Claims Using a Custom Rule" with the following rule:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "^.*(\\).*$"]
=> issue(Type = "http://temp.org/windowsdomainnamenetbios", Value = RegexReplace(c.Value, "\\.*", ""));
On the Qlik Sense side, in virtual proxy settings, including the newly created claim description as the SAML attribute for user directory
You should now be able to log in to the hub, the domain name will be registered correctly in Qlik Sense even if you have users from several different domains as long as they are allowed to log in through ADFS.