Qlik Community

Ask a Question

Qlik Sense App Development

Discussion board where members can learn more about Qlik Sense App Development and Usage.

Announcements
Welcome to our newly redesigned Qlik Community! Read our blog to learn about all the new updates: READ BLOG and REPORTED ISSUES
cancel
Showing results for 
Search instead for 
Did you mean: 
Partner
Partner

Multi-factor authentication

Does anyone have pointers on setting up MFA, two-step authentication for Qlik Sense?

Links appreciated

7 Replies
Partner
Partner

Hi there,

Have you find any way to implement MFA - Multi Factor Authentication wit Qlik Sense?

Thanks!

Aldo.

Contributor III
Contributor III

Hi Amirali/Aldo,

To implement Azure MFA with QSense, you can follow the Tutorial: Azure Active Directory integration with Qlik Sense Enterprise | Microsoft Docs.

In my case, it worked correctly in the company where I job, when Azure was previously configured.

Best regards,

L G

Creator III
Creator III

I've set up Okta. I can provide some details if you are interested.

Partner
Partner

Hi Lauri,

I am interested in details configuration of multi-factor auth Okta and Qlik Sens.

Would you please share it?

Thanks!

Creator III
Creator III

Hi Narges,

If you haven't yet seen it, this video is very helpful:

https://www.youtube.com/watch?v=PoseXCN0-o0&t=202s

Here are the steps I took to set up Okta to allow users to authenticate to Sense Enterprise (initially version 3.1, now June 2017).

  1. Our users are mostly external to our organization, but we create their accounts in our local Windows Active Directory. We assign them to a security group called 'qlik.'
  2. On Sense: Create a virtual proxy that will listen for Okta SAML assertions. Follow the steps in the video.
  3. Also make sure you have another virtual proxy that uses WIndows authentication -- your monitoring apps will need it to run properly. And it's good to have so you can log into Qlik locally if/when you have problems with Okta.
  4. In Okta: Set up a connection to your user directory under "Directory Integrations" (I installed the Okta agent on our AD server to sync automatically.)
  5. In Okta: Set up the SAML to Qlik under "Applications." This part is tricky and needs to be just right. Follow steps in the video. In my case, the values in the General section are like these:
    1. Single Sign On URL, Recipient URL, Destination URL are all: https://yoururl.com:443/okta/samlauthn/
    2. Default Relay State: https://yoururl.com/okta/hub/

    3. Signature Algorithm: RSA_SHA256

    4. Digest Algorithm: SHA256

And here's a screenshot of the rest:

Capture.PNG

Under the Sign On section, I set up a Policy with a rule requiring multifactor at every sign on. This was because Sense didn't support Single Sign Out (until a very recent version, I forget which, but after Sept 2017), so if a user logs out but keeps the browser open, he can just click the browser "back" button and be logged in again.

Side Note: Our Sense server is not a member of our AD domain.


There is plenty more to describe but hopefully the video gets you there. The Okta app works very well as the 2nd factor. I'm happy to answer any questions you have.

-Lauri

Partner
Partner

Hi Lauri,

Many thanks for your well explanation. I followed the video and it went very well.

I will give it try with two-factor authentication and let you know how it goes.

Thanks

Contributor II
Contributor II

Did you try with two-factor authentication? Please let us know if you can provide any tips.