Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
Michael_Tarallo
Employee
Employee

jeff3.jpg
Hello everyone, today I have the pleasure of introducing Jeff Goldberg as our guest blogger - (jog‌) - Jeff is a Senior Enterprise Architect on the Americas Pre-sales team who has worked in various technology positions for over 15 years. In between running half-marathons and crushing crossfit workouts , Jeff focuses on integration, deployment, automation, security, and api topics across a wide range of software.  If you have a technical challenge, Jeff can put you on a path to figuring out the best way to overcome it. Jeff has the extreme pleasure of introducing you to SAML authentication with Qlik Sense, not only in text - but as well in supporting videos. Thanks for this valuable contribution Jeff!

Qlik Sense SAML

With the release of Qlik Sense 2.0, we introduced SAML as an authentication option between enterprise identity management systems (known as identity providers) and Qlik Sense. While SAML is a standard for authentication and authorization, it is open to interpretation and variability in its implementation.  Consequently, implementing SAML can be a bit tricky.  The goal of this blog post is to demystify SAML and provide some examples you can use to implement it with Qlik Sense.

SAML stands for Security Assertion Markup Language, an xml based authentication and authorization standard for web applications to exchange user credentials and attributes.  SAML works between two parties, an identity provider (IdP) and a service provider (SP), to facilitate single sign-on access to secure content for a user.

Identity providers come in a variety of shapes and sizes.  Salesforce.com, Active Directory Federation Services, and Ping Federate are just a few of the options available for handling the authentication components of the SAML handshake. The service provider is the system with the content we want to access.  In this case, Qlik Sense is the service provider.

The figure below illustrates the SAML authentication process.

Keep in mind the SAML protocol is an open standard, therefore, implementing the solution between the SP and the IdP differs based on the requirements of the chosen provider.

For example:

  • ADFS metadata contains a whole section of information that needs to be removed before it is imported into Qlik Sense. 
  • With Ping Federate, the IdP configuration needs to have the name ID format for the SAML response manually set to transient or the user authentication to Qlik Sense will fail. 
  • One login doesn’t care about the name ID format for the response.

Bottom line, expect some trial and error when configuring SAML, regardless if it’s with Qlik Sense or some other solution.

To ease the pain and hopefully reduce frustration, we have created some videos to help walk through configuring different SAML identity providers with Qlik Sense.  As we encounter more flavors of IdP, we will create content to help with configuration.

For now, have a watch of the following videos, enjoy!

Video Link : 3601

Video Link : 3605

Video Link : 3653

Video Link : 3652

23 Comments
Anonymous
Not applicable

I am unable to do the integration, as the parameter wantAssertionsSigned = "true" & AuthnRequestsSigned = "false" are different as compared to your video.

Please help me here.

4,102 Views
Anonymous
Not applicable

Update : I was successful in integrating Salesforce with QlikSense just by following the exact same steps as in your video,even though the value of one of the parameter was different.

4,102 Views
Anonymous
Not applicable

I want to integrate QlikSense with Veeva Irep(CRM mobile) such that the rep logins to IREP can see QlikSense dashboards with SSO.

Here, is it possible that we can save some licensing cost to the company via this integration?

That Multiple User from Veeva CRM can view reports pertaining to his/her territory made in QlikSense, with QlikSense having single or few user?

Basically, we want to map users b/w Veeva and QS with cardinality many :1.

4,062 Views
jjuarezh
Contributor II
Contributor II

Hi, I want to integrate Azure AD with Qlik Sense, but i get the error 400, I followed the documentation of Microsoft and the tutorial of one login, and still the same error, can anyone help me?

0 Likes
4,062 Views
ssamuels
Partner - Creator
Partner - Creator

Hi Jair, I have successfully integrated with Azure AD for SAML authentication, so maybe I can help you. What are the configuration steps that you have followed?.

0 Likes
4,062 Views
jjuarezh
Contributor II
Contributor II

Thanks for your answer. I been follow the documentation of azure,Tutorial: Azure Active Directory integration with Qlik Sense Enterprise | Microsoft Docs‌.

0 Likes
4,062 Views
ssamuels
Partner - Creator
Partner - Creator

Can you provide a screenshot of the configuration (properties) of the Application in Azure AD and also the virtual proxy in Qlik Sense?

0 Likes
4,062 Views
jjuarezh
Contributor II
Contributor II

Hi, i made a question about it in Error 400- SAML Null request

0 Likes
4,062 Views
lfimotoo
Contributor II
Contributor II

Hi Naman.

Were you able to integrate to Azure AD even though the wantAssertionsSigned and AuthnRequestsSigned were different to the video?


I am facing the error "AADSTS50011: The reply uri specified in the request is not a valid URL" when logging through O365, and I was guessing the problem was related to AuthnRequestsSigned property (mine is set to "true", whereas in video the value is "false").

0 Likes
4,008 Views
Anonymous
Not applicable

Hi Luis,

I did connection between Salesforce and QlikSense and yes the values of wantAssertionsSigned and AuthnRequestsSigned were different to the video.But I didnt change them.Leave them as it is in the file downloaded.

0 Likes
4,008 Views